OCP-042 fine-grained Auditing

13. The SAVE_AMT column in the ACCOUNTS table contains the balance details of customers in a bank.
As part of the yearend
tax and interest calculation process, all the rows in the table need to be accessed.
The bank authorities want to track access to the rows containing balance amounts exceeding $200,000,
and then send an alert message to the administrator.
Which method would you suggest to the bank for achieving this task?
A. implementing valuebased
auditing by using triggers
B. implementing finegrained
auditing with audit condition and event handler
C. performing standard database auditing to audit object privileges by setting the AUDIT_TRAIL
parameter to EXTENDED
D. performing standard database auditing to audit SQL statements with granularity level set to ACCESS
Answer: B

Fine-Grained Auditing

Fine-grained auditing allows the monitoring of data access based on content. It provides granular auditing of queries, as well as INSERT, UPDATE, and DELETEoperations. For example, a central tax authority needs to track access to tax returns to guard against employee snooping, with enough detail to determine what data was accessed. It is not enough to know that SELECT privilege was used by a specific user on a particular table. Fine-grained auditing provides this deeper functionality.

In general, fine-grained auditing policy is based on simple user-defined SQL predicates on table objects as conditions for selective auditing. During fetching, whenever policy conditions are met for a returning row, the query is audited. Later, Oracle runs user-defined audit event handlers using autonomous transactions to process the event.

Fine-grained auditing can be implemented in user applications using the DBMS_FGA package or by using database triggers.