Question

Discuss in 500 words or more why Oracle 12c has introduced two new roles – AUDIT_ADMIN and AUDIT_VIEWER. Include a discussion of what database auditing is and what it does. Consider why these new roles were introduced and what problem they are meant to resolve. Do not simply define the roles. Explain why they are useful.

Answer 1

//NOTE: I have tried my best to provide you with this article as per your requirement.DO give a thumbs up for my effort 0:)

Oracle 12c has introduced two new roles – AUDIT_ADMIN and AUDIT_VIEWER

With the introduction of Oracle Database 12c, we have a plethora of new security features, as listed in the Oracle Database 12c Security Guide, amongst which we now have a brand new Unified Audit Data Trail, enabling selective and even more effective auditing inside the Oracle database using policies and conditions. A consolidated audit data trail has many advantages, especially when it's integrated with Audit mining tools.

Unified Auditing is a new feature in Oracle 12c. In Oracle 12c, a new database auditing Foundation has been introduced. Oracle Unified Auditing changes the fundamental auditing functionality of the database. In previous releases of Oracle, there were separate audit trails for each individual component. Unified Auditing consolidates all auditing into a single repository and view. This provides a two-fold simplification: audit data can now be found in a single location, and all audit data is in a single format.

In previous releases of Oracle Database, there were separate audit trails for individual components:

• SYS.AUD$ for the database audit trail,
• SYS.FGA_LOG$ for fine-grained auditing,
• DVSYS.AUDIT_TRAIL$ for Oracle Database Vault, Oracle Label Security, and so on.

In this release, these audit trails are all unified into one, viewable from the UNIFIED_AUDIT_TRAIL data dictionary view for single-instance installations or Oracle Database Real Application Clusters environments.

On Oracle Database 12c, with Unified Auditing and Conditional Auditing, you get the ability to configure precise, context-dependent logging which should reduce the performance overhead associated with database auditing and enable more effective analysis of audit logs.

Conditional Auditing supports highly selective logging policies that minimize log entries to specific events such as particular SQL statements including the actions CREATE or ALTER originating from outside specific application servers identified by IP address. Other variables include programs, time periods and connection types.

With Unified Auditing you can now run analysis reports on an entire set of audit data in one operation, rather than having to first gather them into one location before performing the analysis. Audit mining tools such as Oracle Audit Vault now can look at one location rather than several in order to gather audit records. A unified audit trail ensures that the audit information is consistently formatted and contains consistent fields. Database auditing in 12c can be integrated with the Oracle Audit Vault and Database Firewall, used to control and monitor SQL network activity. Unlike standard packet filter firewalls that operate at layers 3 and 4 of the OSI model, the Oracle Database Firewall performs highly accurate analysis of SQL traffic at layer 7 and can block SQL injection attacks.

Most DBAs hate auditing and the reasons are reasonable: it’s annoying to set up, it impacts the performance of the environment, it’s not as secure until 12c because the audit data stays in the SYS schema and we have no other choice. Unified Auditing is actually safer because a new schema called AUDSYS stores auditing data is more performative because of the memory area allocated for this purpose and replaces almost all existing audit methods. That alone is a good reason to upgrade to 12c, but that’s not the focus of this article.

NEED to use auditing in Oracle are mention below:-

• Enable accountability for actions. These include actions taken in a particular schema, table, or row, or affecting specific content.
• Deter users (or others, such as intruders) from inappropriate actions based on their accountability.
• Investigate suspicious activity. For example, if a user is deleting data from tables, then a security administrator can audit all connections to the database and all successful and unsuccessful deletions of rows from all tables in the database.
• Notify an auditor of the actions of an unauthorized user. For example, an unauthorized user could be changing or deleting data, or the user has more privileges than expected, which can lead to reassessing user authorizations.
• Monitor and gather data about specific database activities. For example, the database administrator can gather statistics about which tables are being updated, how many logical I/Os are performed, or how many concurrent users connect at peak times.
• Detect problems with an authorization or access control implementation. For example, you can create audit policies that you expect will never generate an audit record because the data is protected in other ways. However, if these policies generate audit records, then you will know the other security controls are not properly implemented.
• Address auditing requirements for compliance. Regulations such as the following have common auditing-related requirements:
  • Sarbanes-Oxley Act
  • Health Insurance Portability and Accountability Act (HIPAA)
  • International Convergence of Capital Measurement and Capital Standards: a Revised Framework (Basel II)
  • Japan Privacy Law
  • European Union Directive on Privacy and Electronic Communications

REASONS to use Unified Auditing are mention below:-

• Consolidate all audit information into a single audit trail table
• Improve audit performance
• Simple configuration
• Secure audit data for all RDBMS Options and other components like RMAN and Data Pump

Separation of Duties for Audit Administration

For better separation of duty, two new database roles are now available for use with auditing: AUDIT_ADMIN, for audit configuration and audit trail administration, and AUDIT_VIEWER, for viewing and analyzing audit data.

• Faster Audit Performance

This release provides a much faster audit performance than in previous releases of Oracle Database. You also can control how the audit records are written to the audit trail, whether immediately or queued to memory.

• Auditing In 12c

1. Ability to Audit Any Role.
2. Auditing Application Context Values.
3. Auditing Oracle Database Real Application Security Events.
4. Auditing Oracle Recovery Manager Events.
5. Auditing Oracle Database Vault Events.
6. Auditing Oracle Label Security Events.
7. Auditing Oracle Data Mining Events.
8. Auditing Oracle Data Pump Events.
9. Auditing Oracle SQL*Loader Direct Load Path Events.
10. Moving Operating System Audit Records into the Unified Audit Trail.