Database Security and
Auditing: Protecting Data
Integrity and Accessibility
Chapter 8
Application Data Auditing
Objectives
• Understand the difference between the auditing
architecture of DML Action Auditing Architecture
and DML changes
• Create and implement Oracle triggers
• Create and implement SQL Server triggers
• Define and implement Oracle fine-grained
auditing
Database Security & Auditing: Protecting Data Integrity & Accessibility
2
Objectives (continued)
• Create a DML statement audit trail for Oracle
and SQL Server
• Generate a data manipulation history
• Implement a DML statement auditing using a
repository
Database Security & Auditing: Protecting Data Integrity & Accessibility
3
Objectives (continued)
• Understand the importance and the
implementation of application errors auditing in
Oracle
• Implement Oracle PL/SQL procedure
authorization
Database Security & Auditing: Protecting Data Integrity & Accessibility
4
DML Action Auditing Architecture
• Data Manipulation Language (DML):
companies use auditing architecture for DML
changes
• DML changes can be performed on two levels:
– Row level
– Column level
• Fine-grained auditing (FGA)
Database Security & Auditing: Protecting Data Integrity & Accessibility
5
DML Action Auditing Architecture
(continued)
Database Security & Auditing: Protecting Data Integrity & Accessibility
6
DML Action Auditing Architecture
(continued)
Database Security & Auditing: Protecting Data Integrity & Accessibility
7
Oracle Triggers
• Stored PL/SQL procedure executed whenever:
– DML operation occurs
– Specific database event occurs
• Six DML events (trigger timings): INSERT,
UPDATE, and DELETE
• Purposes:
– Audits, controlling invalid data
– Implementing business rules, generating values
Database Security & Auditing: Protecting Data Integrity & Accessibility
8
Oracle Triggers (continued)
Database Security & Auditing: Protecting Data Integrity & Accessibility
9
Oracle Triggers (continued)
• CREATE TRIGGER
• Executed in a specific order:
– STATEMENT LEVEL triggers before COLUMN
LEVEL triggers
– BEFORE triggers before AFTER triggers
• USER_TRIGGERS data dictionary view: all
triggers created on a table
• A table can have unlimited triggers: do not
overuse them
Database Security & Auditing: Protecting Data Integrity & Accessibility
10
Oracle Triggers (continued)
Database Security & Auditing: Protecting Data Integrity & Accessibility
11
SQL Server Triggers
• CREATE TRIGGER DDL statement: creates a
trigger
• Trigger condition:
– Prevents a trigger from firing
– UPDATE() and COLUMNS_UPDATE() functions
• Logical tables:
– DELETED contains original data
– INSERTED contains new data
Database Security & Auditing: Protecting Data Integrity & Accessibility
12
SQL Server Triggers (continued)
• Restrictions—Transact-SQL statements not
allowed:
–
–
–
–
–
–
–
ALTER and CREATE DATABASE
DISK INIT and DISK RESIZE
DROP DATABASE and LOAD DATABASE
LOAD LOG
RECONFIGURE
RESTORE DATABASE
RESTORE LOG
Database Security & Auditing: Protecting Data Integrity & Accessibility
13
Implementation of an Historical Model
with SQL Server
• Create a history table:
– Same structure as original table
– HISTORY_ID column
• Create a trigger: inserts original row into the
HISTORY table
Database Security & Auditing: Protecting Data Integrity & Accessibility
14
Fine-grained Auditing (FGA) with
Oracle
• Oracle provides column-level auditing: Oracle
PL/SQL-supplied package DBMS_FGA
• DBMS_FGA procedures:
–
–
–
–
ADD_POLICY
DISABLE_POLICY
DROP_POLICY
ENABLE_POLICY
Database Security & Auditing: Protecting Data Integrity & Accessibility
15
Fine-grained Auditing (FGA) with
Oracle (continued)
• ADD_POLICY parameters:
–
–
–
–
–
–
OBJECT_SCHEMA
OBJECT_NAME
POLICY_NAME
AUDIT_CONDITION
AUDIT_COLUMN
HANDLER_SCHEMA
Database Security & Auditing: Protecting Data Integrity & Accessibility
16
Fine-grained Auditing (FGA) with
Oracle (continued)
• ADD_POLICY parameters (continued):
– HANDLER_MODULE
– ENABLE
– STATEMENT_TYPES
• DBA_FGA_AUDIT_TRAIL: view the audit trail
of the DML activities
Database Security & Auditing: Protecting Data Integrity & Accessibility
17
DML Action Auditing with Oracle
• Record data changes on the table:
– Name of the person making the change
– Date of the change
– Time of the change
• Before or after value of the columns are not
recorded
Database Security & Auditing: Protecting Data Integrity & Accessibility
18
DML Action Auditing with Oracle
(continued)
Database Security & Auditing: Protecting Data Integrity & Accessibility
19
DML Action Auditing with Oracle
(continued)
• Steps:
– Use any user other than SYSTEM or SYS; with
privileges to create tables, sequences, and
triggers
– Create the auditing table
– Create a sequence object
– Create the trigger that will record DML
operations
– Test your implementation
Database Security & Auditing: Protecting Data Integrity & Accessibility
20
History Auditing Model Implementation
Using Oracle
• Historical data auditing is simple to implement;
main components are TRIGGER objects and
TABLE objects
• Keeps record of:
– Date and time the copy of the record was
captured
– Type of operation applied to the record
Database Security & Auditing: Protecting Data Integrity & Accessibility
21
History Auditing Model Implementation
Using Oracle (continued)
• Steps:
– Use any user other than SYSTEM or SYS; with
privileges to create tables, sequences, and
triggers
– Create history table
– Create the trigger to track changes and record
all the values of the columns
– Test your implementation
Database Security & Auditing: Protecting Data Integrity & Accessibility
22
DML Auditing Using Repository with
Oracle (Simple 1)
• Simple Auditing Model 1
• Flag users, tables, or columns for auditing
• Requires less database administrative skills:
– Application administrators can do it
– User interface is built in top of the repository
• Auditing flags are flexible
• Does not record before or after column values;
only registers type of DML operations
Database Security & Auditing: Protecting Data Integrity & Accessibility
23
DML Auditing Using Repository with
Oracle (Simple 1) (continued)
Database Security & Auditing: Protecting Data Integrity & Accessibility
24
DML Auditing Using Repository with
Oracle (Simple 1) (continued)
• Steps:
–
–
–
–
–
Use any user other than SYSTEM or SYS
Create triggers
Create sequence object
Build tables to use for applications
Populate application tables
Database Security & Auditing: Protecting Data Integrity & Accessibility
25
DML Auditing Using Repository with
Oracle (Simple 1) (continued)
• Steps (continued):
– Populate auditing repository with metadata
– Create the stored package to be used with the
trigger
– Create triggers for application tables
– Test your implementation
Database Security & Auditing: Protecting Data Integrity & Accessibility
26
DML Auditing Using Repository with
Oracle (Simple 2)
• Simple Auditing Model 2: requires a higher level
of expertise in PL/SQL
• Stores two types of data:
– Audit data: value before or after a DML
statement
– Audit table: name of the tables to be audited
Database Security & Auditing: Protecting Data Integrity & Accessibility
27
DML Auditing Using Repository with
Oracle (Simple 2) (continued)
Database Security & Auditing: Protecting Data Integrity & Accessibility
28
DML Auditing Using Repository with
Oracle (Simple 2) (continued)
• Steps:
– Use any user other than SYSTEM or SYS; with
privileges to create tables, and triggers
– Create the auditing repository
– Establish a foreign key in AUDIT_DATA table
referencing AUDIT_TABLE table
– Create a sequence object
– Create the application schema
Database Security & Auditing: Protecting Data Integrity & Accessibility
29
DML Auditing Using Repository with
Oracle (Simple 2) (continued)
• Steps (continued):
– Add data to tables
– A stored PL/SQL package will be used for
auditing within the triggers
– Create triggers for audited tables
– Add auditing metadata
– Test your implementation
Database Security & Auditing: Protecting Data Integrity & Accessibility
30
Auditing Application Errors with Oracle
• Application errors must be recorded for further
analysis
• Business requirements mandate to keep an
audit trail of all application errors
• Materials:
– Repository consisting of one table
– Methodology for your application
Database Security & Auditing: Protecting Data Integrity & Accessibility
31
Auditing Application Errors with Oracle
(continued)
• Steps:
– Select any user other than SYSTEM or SYS;
with privileges to create tables, and procedures
– Populate tables
– Create the ERROR table
– Create a stored package to perform the
UPDATE statement
– Test your implementation: perform and update
using the CREATE package
Database Security & Auditing: Protecting Data Integrity & Accessibility
32
Oracle PL/SQL Procedure
Authorization
• Oracle PL/SQL stored procedures are the
mainstay of implementing business rules
• Security modes:
– Invoker rights: procedure is executed using
security credentials of the caller
– Definer rights: procedure is executed using
security credentials of the owner
Database Security & Auditing: Protecting Data Integrity & Accessibility
33
Oracle PL/SQL Procedure
Authorization (continued)
• Steps:
– Create a new user
– Select a user with CREATE TABLE and
PROCEDURE privileges
– Populate tables
– Create stored procedure to select rows in a table
– Grant EXECUTE privileges on new procedure
– Log on as the new user and query the table
– Execute procedure
Database Security & Auditing: Protecting Data Integrity & Accessibility
34
Summary
• Two approaches for DML auditing:
– Set up an audit trail for DML activities
– Register all column values before or after the
DML statement (column-level auditing)
• Fine-grained auditing (Oracle)
• Triggers:
– Stored PL/SQL procedure automatically
executed
– Oracle has six DML events
Database Security & Auditing: Protecting Data Integrity & Accessibility
35
Summary (continued)
• Triggers are executed in order
• USER_TRIGGERS data dictionary view: shows
all triggers
• SQL Server 2000:
– CREATE TRIGGER DDL statement
– Conditional functions: UPDATE() and
COLUMNS_UPDATED()
• FGA allows generation of audit trail of DML
activities
Database Security & Auditing: Protecting Data Integrity & Accessibility
36
Summary (continued)
• FGA is capable of auditing columns or tables;
Oracle PL/SQL-supplied package DBMS_FGA
• PL/SQL stored procedures security modes:
– Invoker rights
– Definer rights
Database Security & Auditing: Protecting Data Integrity & Accessibility
37