Orcale Tutorial Content


Getting Started - البدء مع إدارة قواعد البيانات
  • أنواع مستخدمي قواعد البيانات:
  • مهام مسؤول قاعدة البيانات:
  • SQL Statements:
  • Identifying Your Oracle Database Software Release - تحديد إصدار اوركل
  • About Database Administrator Security and Privileges- أمان وامتيازات مسؤول قاعدة البيانات
  • Database Administrator Authentication - مصادقة مسؤول قاعدة البيانات
  • Creating and Maintaining a Database Password File - إنشاء ملف كلمة المرور
    • Oracle Architectural Components - مكونات قاعدة البيانات أوركل
  • ﻤﻜﻭﻨﺎﺕ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ
  • Oracle Instance
  • Oracle Database
    • Installing Oracle Database - تثبيت الأوركل
  • Installing oracle database 10g in windows
    • Creating and Configuring Database - إنشاء قاعدة البيانات
  • ﺍﻟﺘﺨﻁﻴﻁ ﻟﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ
  • ﺇﻨﺸﺎﺀ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺒﺎﻟﻁﺭﻴﻘﺔ ﺍﻟﻴﺩﻭﻴﺔ علي Windows:
  • ﺇﻨﺸﺎﺀ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻋﻥ ﻁﺭﻴﻕ ﺍل(DBCA)
  • About Creating an Oracle Database
  • About Selecting a Character Set
  • Prerequisites for Database Creation
  • Creating a Database with the CREATE DATABASE Statement
  • Specifying CREATE DATABASE Statement Clauses
  • Specifying Initialization Parameters
    • Controlling The Database -التحكم في قاعدة البيانات
  • التحكم في قاعدة البيانات - Controlling The Database
  • ﺘﺸﻐﻴل ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ
  • ﺇﻏﻼﻕ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ
  • Opening a Database in Read-Only Mode
  • Opening a Database in Restricted Mode
    • Managing Tablespaces and Data files
  • ﻤﻔﺎﻫﻴﻡ ﻋﺎﻤﺔ ﻋﻥ ﺍل: Tablespaces
  • عملي
    • Control File & Redo Log Files
  • Control File
  • ﺘﻐﻴﻴﺭ ﺍﺴﻡ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ
  • Redo Log Files
    • Administrating Users - إدارة المستخدمين
  • ﺇﻨﺸﺎﺀ ﻭﺇﺩﺍﺭﺓ ﺍﻟﻤﺴﺘﺨﺩﻤﻴﻥ
  • Quota
  • ﻭﺴﻴﻠﺔ ﺍﻟﺘﺤﻘﻴﻕ
  • ﺍﻟﺼﻼﺤﻴﺎﺕ - Privileges
  • ROLES
  • PROFILES
    • Database Security & Monitoring - تأمين ومراقبة قاعدة البيانات
  • Database Security
  • ﻤﺭﺍﻗﺒﺔ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ - AUDITING
    • Oracle Net Services & Database Link & Metrlized Viewِ
  • Oracle Net Services
  • ﺍﻟﺘﺤﻜﻡ ﻓﻲ ﺍﻟﻭﺼﻭل ﻟﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ
  • External Procedures
  • Clients Side
  • Database Link
  • Materialized Views
    • Undo Management & Flashback Technology
  • UNDO MANAGEMENT
  • Flashback Query
  • Flashback Table
  • Flashback Versions Query
  • Flashback Transaction
  • Flashback Drop
  • Flashback Database
    • Managing Shared Servers
  • Why Shared Server
  • Dedicated Server
  • Shared Server Architecture
  • ﻤﺘﻰ ﻨﺴﺘﺨﺩﻡ ﺍل Shared Server ؟
    • Using Globalization Support
  • Globalization
  • ﺍﺨﺘﻴﺎﺭ وتغيير ﺍل Character Set
  • ﻤﺴﺘﻭﻴﺎﺕ ﺍل Globalization
  • ﺍﺴﺘﺨﺩﺍﻡ ﺍل Zones Time
    • Logical Backup & Recovery
  • Use Export Utilities to Export Data
  • TABLES EXPORT Using Export Utilities
  • SCHEMAS EXPORT Using Export Utilities
  • TABLESPACE EXPORT Using Export Utilities
  • DATABASE EXPORT Using Export Utilities
  • Use Import Utilities to Import Data
  • TABLES IMPORT Using Import Utilities
  • SCHEMAS IMPORT Using Import Utilities
  • DATABASE IMPORT Using Import Utilities
  • DATA PUMP
  • TABLES EXPORT Using Data Pump
  • SCHEMAS EXPORT Using Data Pump
  • DATABASE EXPORT Using Data Pump
  • TABLES IMPORT Using Data Pump
  • SCHEMAS IMPORT Using Data Pump
  • DATABASE IMPORT Using Data Pump
  • SQL*Loader
    • Physical Backup & Recovery
  • Physical Backup
  • ﻜﻴﻑ ﻨﻬﻴﺊ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻟﺘﻌﻤل ﻓﻲ ﺍﻟﻨﻤﻁ ARCHIVELOG؟
  • Cold Backup
  • Full Database Recovery
  • Loss of a Non-SYSTEM Data File
  • Loss of a SYSTEM Data File
  • Loss of an Un-archived Online Log Files
  • Loss of Control Files
  • Loss Unbackup Datafile
  • Damage Tempfile
  • Damage Temporary Tablespace
  • Damage Online Logfile Member
  • Point in Time Recovery
  • Backup and Recovery Options
  • Hot Backup
    • Recovery Manager (RMAN)
  • مقدمة
  • مكونات ال Recovery Manager (RMAN)
  • ﺃﻨﻭﺍﻉ ﺍﻻﺘﺼﺎل ﺒﺎل RMAN
  • ﺨﻴﺎﺭﺍﺕ وأنماط ﺍﻟﻨﺴﺦ ﺍﻹﺤﺘﻴﺎﻁﻰ
  • RMAN Configuration Setting
  • Recovery Catalog
  • RMAN Backups
  • Data Files Backup
  • Tablespaces Backup
  • Archived Redo Log Files Backup
  • Control File Backup
  • Database Backup
  • Incremental Backups
  • RMAN Commands
  • Complete Recovery
  • Incomplete Recovery
  • Restore ControlFile and spfile
    • Managing Resources
  • Consumer Groups
  • Resource Manager Plans
  • Resource Manager Configuration
  • Create Consumer Group
  • Update Consumer Group
  • Delete Consumer Group
  • Privileges & Resource Manager
  • Join To Consumer Group
  • Move Active User To Other Consumer Group
  • Create Resource Manager Plans & Directive
  • Update Resource Manager Plans
  • Update Resource Manager Plan Directives
  • Delete Resource Manager Plan Directives
  • Delete Resource Manager Plans
  • Create Simple Plan
  • Consumer Group Mapping
    • Automating Tasks with the Scheduler
  • The Scheduler Architecture
  • Jobs
  • Programs
  • Schedules
  • Using Programs and Schedules
  • Job Classes
  • Windows
  • (Privileges) ﺍﻟﺼﻼﺤﻴﺎﺕ
  • Job Logs
    • Dealing with Locking
  • Shared & Exclusive Locks
  • Manual Lock Table
  • The Enqueue Mechanism
  • Lock Contention
  • Deadlocks
    • Diagnostic Sources
  • Alert Log
  • Background Trace Files
  • Server-Generated Alerts
  • Editing Thresholds
  • User Trace Files
  • Instance-Level SQL Tracing
  • Session-Level SQL Tracing
    • Dealing With Database Corruption
  • Block Corruption
  • ﺍﻜﺘﺸﺎﻑ ﺍﻟﻜﺘل ﺍﻟﻔﺎﺴﺩﺓ (Detecting Block Corruptions)
  • The DBVERIFY Utility
  • The ANALYZE Command
  • DBMS_REPAIR Backage
  • ﺍﺴﺘﺭﺠﺎﻉ ﺍﻟﻜﺘل ﺍﻟﻔﺎﺴﺩﺓ ﺒﻭﺍﺴﻁﺔ ﺍل:RMAN
    • Managing & Monitoring Memory
  • The System Global Area
  • The Shared Pool
  • The Database Buffer Cache
  • The Default, Keep, and Recycle Pools
  • The Nonstandard Block Size Pools
  • Sizing the Database Buffer Cache
  • The Log Buffer
  • The Large Pool
  • The Java Buffer
  • The Steams Buffer
  • Automatic Shared Memory Management
  • Enable Automatic Shared Memory Management
  • The Program Global Area (PGA)
    • Performance Tunning
  • Invalid Objects
  • Unusable Indexes
  • Rebuild Invalid Inexes
  • Optimizer Statistics
  • Gathering Statistics
  • The Automatic Workload Repository (AWR)
  • The Automatic Database Diagnostic Monitor (ADDM)
  • The SQL Tuning Advisor
  • The SQL Access Advisor
  • The Mean Time to Recover Advisor
  • The Segment Advisor
  • The Undo Advisor

    • Database Security & Monitoring - تأمين ومراقبة قاعدة البيانات

    ﻤﺭﺍﻗﺒﺔ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ - AUDITING

    ﻤﺭﺍﻗﺒﺔ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻫﻭ ﺠﺯﺀ ﻤﻥ ﺘﺄﻤﻴﻥ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻭﻨﺴﺘﻁﻴﻊ ﻤﻥ ﺨﻼل ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺇﻴﺠﺎﺩ ﻜﺜﻴﺭ ﻤﻥ ﺍﻹﺠﺎﺒﺎﺕ ﻟﺒﻌﺽ ﺍﻷﻤﻭﺭ ﺍﻟﺘﻲ ﺴﺘﻅل ﻏﺎﻤﻀﺔ ﻟﻭﻻ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ،

    ﻭﻴﻤﻜﻥ ﺘﻘﺴﻴﻡ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺇﻟﻰ ﺜﻼﺙ ﺃﻨﻭﺍﻉ :-

    1-  Standard Database Auditing:

    ﻭﻫﻭ ﻟﻤﺘﺎﺒﻌﺔ ﻭﺤﻔﻅ ﻤﻌﻠﻭﻤﺎﺕ ﻋﻥ ﻋﻤﻠﻴﺎﺕ ﺍﻻﺘﺼﺎل ﻭﻗﻁﻊ ﺍﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﻭﺃﻴﻀﺎﹰ ﻤﺘﺎﺒﻌﺔ ﺍﺴﺘﺨﺩﺍﻡ (Object Privileges and System Privileges)

    ﺩﺍﺨل ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﻜﻌﻤﻠﻴﺎﺕ ﺍﻹﻨﺸﺎﺀ ﻭﺍﻟﺤﺫﻑ ﻭﺍﻻﺴﺘﻌﻼﻡ ﻭﺍﻟﺘﻌﺩﻴل ﻭﻏﻴﺭﻩ ﻤﻥ ﺍﻟﻌﻤﻠﻴﺎﺕ.

    2 - Value-based auditing: ﻓﻲ ﺍﻟﻨﻭﻉ ﺍﻷﻭل ﺘﺎﺒﻌﻨﺎ ﻋﻤﻠﻴﺎﺕ ﺍﻻﺘﺼﺎل ﻭﻜﺫﻟﻙ ﻤﺘﺎﺒﻌﺔ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺩﺍﺨل ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﻭﻟﻜﻥ ﻗﺩ ﻨﺤﺘﺎﺝ ﻟﻠﺤﻔﺎﻅ ﻋﻠﻲ ﺍﻟﻘﻴﻡ ﺍﻟﺘﻲ ﻴﺘﻡ ﺘﻐﻴﺭﻫﺎ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ.

    3 - Fine-grained auditing: ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻟﺤﻔﻅ ﻋﺒﺎﺭﺍﺕ ﺍلSQL ﺍﻟﺘﻲ ﺘﻡ ﺘﻨﻔﻴﺫﻫﺎ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ.

    ﻭﻟﻜﻥ ﻗﺒل ﺍﻟﺘﻔﺼﻴل ﻓﻲ ﺃﻨﻭﺍﻉ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻻﺒﺩ ﻤﻥ ﺍﻹﺸﺎﺭﺓ ﺇﻟﻲ ﺃﻥ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺍﻭﺭﻜل 10g ﻻﺒﺩ ﻤﻥ ﺘﻬﻴﺌﺘﻬﺎ ﻗﺒل ﺍﻟﺒﺩﺀ ﻓﻲ ﻋﻤﻠﻴﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺒﻭﺍﺴﻁﺔ ﺍﻟﻤﺘﻐﻴﺭ AUDIT_TRAIL ﺍﻟﺫﻱ ﻴﺄﺨﺫ ﺃﺤﺩ ﺍﻟﻘﻴﻡ ﺍﻟﺘﺎﻟﻴﺔ :-

    1 - NONE: ﻭﻫﻰ ﺘﻌﻨﻰ ﺃﻥ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻏﻴﺭ ﺠﺎﻫﺯﺓ ﻟﻌﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ.

    2- DB: ﻭﻫﻰ ﺘﻌﻨﻰ ﺃﻥ ﻤﻌﻭﻤﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻴﺘﻡ ﺤﻔﻅﻬﺎ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻓﻲ ﺠﺩﺍﻭل ﺘﻨﺘﻤﻲ ﻟﻠﻤﺴﺘﺨﺩﻡ SYS .

    3 - :OS ﻭﻫﻰ ﺘﻌﻨﻰ ﺃﻥ ﻤﻌﻠﻭﻤﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻴﺘﻡ ﺤﻔﻅﻬﺎ ﻋﻠﻰ ﻤﺴﺘﻭﻯ ﻨﻅﺎﻡ ﺍﻟﺘﺸﻐﻴل، ﻓﺈﺫﺍ ﻜﻨﺎ ﻨﻌﻤل ﻋﻠﻰ ﺒﻴﺌﺔ ﻭﻴﻨﺩﻭﺯ Widows ﻓﺎﻥ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺘﺤﻔﻅ ﻓﻲ ﺍلLog Event،

    ﺃﻤﺎ ﺇﺫﺍ ﻜﻨﺎ ﻨﻌﻤل ﻋﻠﻰ UNIX  or LINUX ﻓﺈﻥ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ ﺘﺨﺯﻥ ﻜﻤﻠﻔﺎﺕ ﻓﻲ ﺍﻟﻤﺴﺎﺭ ﺍﻟﻤﺤﺩﺩ ﻋﻠﻰ ﺍﻟﻤﺘﻐﻴﺭ AUDIT_FILE_DEST .

    ﺍﻹﺼﺩﺍﺭ ﺍﻭﺭﻜل 10gﻴﺩﻋﻡ ﻤﺨﺘﻠﻑ ﺃﻨﻭﺍﻉ ﺍﻟﻤﺭﺍﻗﺒﺔ، ﺒﺤﻴﺙ ﻴﺴﺘﻁﻴﻊ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻤﺭﺍﻗﺒﺔ ﻜل ﻤﺎ ﻴﺤﺩﺙ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﺘﺨﻴﻠﺕ ﻤﻌﻲ ﺤﺠﻡ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺍﻟﺘﻲ ﻴﺘﻡ ﺘﺨﺯﻴﻨﻬﺎ ﺇﺫﺍ ﻗﻤﻨﺎ ﺒﻤﺭﺍﻗﺒﺔ ﻜل ﻤﺎ ﻴﺤﺩﺙ ﻓﻲ

    ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻻ ﺸﻙ ﺃﻥ ﺫﻟﻙ ﺴﻴﻨﻌﻜﺱ ﺴﻠﺒﺎﹰ ﻋﻠﻰ ﺃﺩﺍﺀ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻟﺫﺍ ﻜﺎﻥ ﻟﺯﺍﻤﹰﺎ ﻋﻠﻰ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺍﻟﺘﺭﻜﻴﺯ ﻓﻲ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺒﺤﻴﺙ ﻴﺘﻡ ﻤﺭﺍﻗﺒﺔ ﻤﺎ ﻨﺤﺘﺎﺠﻪ ﺩﻭﻥ ﺍﻹﻓﺭﺍﻁ ﻓﻲ ﺍﻟﻤﺭﺍﻗﺒﺔ.

    ﻓﺈﺫﺍ ﺃﺭﺩﻨﺎ ﻤﺜﻼﹰ ﻤﺭﺍﻗﺒﺔ ﺒﻌﺽ ﺍﻟﺠﺩﺍﻭل ﻓﺎﻷﻓﻀل ﺍﻟﺘﺭﻜﻴﺯ ﻋﻠﻰ ﻨﻭﻉ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﻲ ﻴﺠﺏ ﻤﺘﺎﺒﻌﺘﻬﺎ ﻤﺜﻼﹰ ﺍﻟﺤﺫﻑ ﻓﻘﻁ، ﺃﻤﺎ ﺇﺫﺍ ﻗﻤﺕ ﺒﻤﺘﺎﺒﻌﺔ ﻜل ﻤﺎ ﻴﺤﺩﺙ ﻟﻠﺠﺩﺍﻭل ﻓﺈﻥ ﺫﻟﻙ ﺴﻴﺅﺜﺭ ﻋﻠﻰ ﺃﺩﺍﺀ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ

    ﻓﺴﻭﻑ ﻴﺘﻡ ﻤﺘﺎﺒﻌﺔ ﺍﻻﺴﺘﻌﻼﻤﺎﺕ ﻭﺍﻟﺘﻌﺩﻴل ﻭﺍﻟﺤﺫﻑ ﻭﻏﻴﺭﻩ ، ﺇﺫﺍ ﺍﻟﺘﺭﻜﻴﺯ ﺃﻤﺭ ﻤﻬﻡ ﻓﻲ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ.

    ﻭﺃﻭل ﻤﺎ ﻴﻠﺯﻤﻨﺎ ﻓﻌﻠﻪ ﻫﻭ ﺘﻬﻴﺌﺔ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺒﺘﻐﻴﺭ ﻗﻴﻤﺔ ﺍﻟﻤﺘﻐﻴﺭ AUDIT_TRAIL ﻤﻥ ﺍﻟﻘﻴﻤﺔ NONE ﺇﻟﻰ ﺍﺤﺩ ﺍﻟﻘﻴﻡ ﺍﻟﺘﺎﻟﻴﺔ (OS or DB)

    ﻭﻟﻨﻔﺘﺭﺽ ﻫﻨﺎ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﺘﺨﺯﻴﻥ ﻤﻌﻠﻭﻤﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺩﺍﺨل ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﺇﺫﺍﹰ ﻨﺨﺘﺎﺭ ﺍﻟﻘﻴﻤﺔ DB .

    ﻟﻜﻥ ﻗﺒل ﺫﻟﻙ ﻨﺘﺄﻜﺩ ﻤﻥ ﺍﻟﻤﺘﻐﻴﺭ AUDIT_TRAIL

    SHOW PARAMETER AUDIT_TRAIL;

     

    ﻨﻘﻭﻡ ﺒﺘﺤﻭﻴل ﻗﻴﻤﺔ ﺍﻟﻤﺘﻐﻴﺭ AUDIT_TRAIL ﺍﻟﻲ ﺍﻟﻘﻴﻤﺔ DB ﻤﻊ ﻤﺭﺍﻋﺎﺓ ﺃﻥ ﻫﺫﺍ ﺍﻟﻤﺘﻐﻴﺭ ﻏﻴﺭ ﺁﻟﻲ، ﺃﻱ ﻴﺤﺘﺎﺝ ﺇﻟﻰ ﺇﻏﻼﻕ ﻭﻓﺘﺢ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺤﺘﻰ ﺘﺘﺄﺜﺭ ﻗﻴﻤﺔ ﺍﻟﻤﺘﻐﻴﺭ.

    ALTER SYSTEM SET AUDIT_TRAIL=DB SCOPE=SPFILE;

    ﺜﻡ ﻨﻐﻠﻕ ﻭﻨﻔﺘﺢ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻭﻨﺘﺄﻜﺩ ﻤﻥ ﻗﻴﻤﺔ ﺍﻟﻤﺘﻐﻴﺭ.

     

    :Standard Database Auditing -1

    ﻜﻤﺎ ﺫﻜﺭﻨﺎ ﺴﺎﺒﻘﺎﹰ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻴﺘﺭﻜﺯ ﻋﻠﻰ ﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺔ ﺍﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻭﻜﺫﻟﻙ (System Privileges and Object Privileges) .

    ﻜﻤﺎ ﻴﺠﺏ ﺍﻟﺫﻜﺭ ﺇﻥ ﻫﻨﺎﻙ ﺨﻴﺎﺭﺍﻥ ﺃﺜﻨﺎﺀ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ   (BY ACCESS & BY SESSION) .

    BY SESSION: ﻭﻫﻰ ﺘﻌﻨﻰ ﺘﺨﺯﻴﻥ ﺤﻘل ﻭﺍﺤﺩ ﻤﻥ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ ﺃﺜﻨﺎﺀ ﻋﻤﻠﻴﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻟﻨﻭﻉ ﻤﻌﻴﻥ ﻤﻥ ﺍﻟﻌﻤﻠﻴﺎﺕ ﻟﻜل SESSION، ﻭﻟﺘﻀﺢ ﺍﻟﺭﺅﻴﺔ ﺃﻜﺜﺭ ﻟﻨﻔﺘﺭﺽ ﺃﻨﻨﺎ ﻗﻤﻨﺎ ﺒﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺔ ﺍﻟﺘﻌﺩﻴل

    ﻋﻠﻰ ﺠﺩﺍﻭل ﻤﺴﺘﺨﺩﻡ ﻤﻌﻴﻥ ﻭﻟﻨﻔﺘﺭﺽ ﺃﻨﻪ X، ﻓﻘﺎﻡ ﺍﺤﺩ ﺍﻟﻤﺴﺘﺨﺩﻤﻴﻥ ﺒﻔﺘﺢ SESSION ﻭﺍﺴﺘﺨﺩﻡ ﻫﺫﻩ ﺍلSESSION ﻟﺘﻌﺩﻴل 5 ﺠﺩﺍﻭل ﺘﻨﺘﻤﻲ ﻟﻠﻤﺴﺘﺨﺩﻡ X .

    ﻓﺈﻥ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺴﺘﻘﻭﻡ ﺒﺘﺨﺯﻴﻥ ﺤﻘل ﻭﺍﺤﺩ ﻓﻘﻁ ﻟﻌﻤﻠﻴﺔ ﺍﻟﺘﻌﺩﻴل ﻤﺎ ﺩﺍﻡ ﺃﻨﻪ ﻗﺎﻡ ﺒﺎﻟﺘﻌﺩﻴل ﺒﻨﻔﺱ ﺍلSESSION، ﺃﻱ ﺒﻤﻌﻨﻰ ﺁﺨﺭ ﺃﻨﻬﺎ ﺘﻭﺍﺯﻯ ﻋﺒﺎﺭﺓ  GROUP BY SESSIION .

    ACCESS :BY ﻴﻤﻜﻥ ﺍﺘﺨﺎﺫ ﻨﻔﺱ ﺍﻟﻤﺜﺎل ﺍﻟﺴﺎﺒﻕ، ﻟﻜﻥ ﻫﻨﺎ ﺴﻴﺘﻡ ﺘﺨﺯﻴﻥ 5 ﺤﻘﻭل ﻜل ﺤﻘل ﻫﻭ ﻋﺒﺎﺭﺓ ﻋﻥ ﻋﻤﻠﻴﺔ ﺍﻟﺘﻌﺩﻴل ﺍﻟﺘﻲ ﺤﺩﺜﺕ ﻟﻜل ﺠﺩﻭل.

    ﻻ ﺸﻙ ﺃﻥ ﺍﻟﺨﻴﺎﺭ BY SESSION ﻗﺩ ﻻ ﻴﻜﻭﻥ ﻜﺎﻓﻴﺎﹰ ﺃﺤﻴﺎﻨﹰﺎ ﻟﻤﻌﺭﻓﺔ ﺘﻔﺎﺼﻴل ﻤﻌﻠﻭﻤﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻟﺫﺍ ﻗﺩ ﻨﻠﺠﺄ ﻟﻠﺨﻴﺎﺭ BY ACCESS ﺍﻟﺫﻱ ﻨﺠﺩ ﻓﻴﻪ ﺘﻔﺎﺼﻴل ﺃﻜﺜﺭ ﻟﻜﻥ ﺒﺎﻟﻁﺒﻊ ﻴﺯﻴﺩ ﻋﻤﻠﻴﺎﺕ ﺘﺨﺯﻴﻥ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ.

    ﻓﻲ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻜﻤﺎ ﺫﻜﺭﻨﺎ ﺍﻷﻓﻀل ﻓﻴﻪ ﻋﻤﻠﻴﺔ ﺍﻟﺘﺭﻜﻴﺯ ﻭﻴﻜﻭﻥ ﺍﻟﺘﺭﻜﻴﺯ ﺒﺘﺤﺩﻴﺩ ﺍﻟﻤﺴﺘﺨﺩﻡ ﻜﺫﻟﻙ ﺒﺘﺤﺩﻴﺩ ﻨﺠﺎﺡ ﺃﻭ ﻓﺸل ﺍﻟﻌﻤﻠﻴﺔ (SUCCESSFUL OR NOT SUCCESSFUL) .

    ﻭﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ Standard Database Auditing ﻴﺤﺘﻭﻯ ﻋﻠﻰ ﺃﻗﺴﺎﻡ فرعية:-
    • SESSION AUDITING:

    ﻭﻫﻰ ﺠﺯﺀ ﻤﻥ ﺍﻟﻨﻭﻉ ﺍﻷﻭل ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ Standard Database Auditing  ، ﺒﺤﻴﺙ ﻴﺘﻡ ﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺎﺕ ﺍﻻﺘﺼﺎل ﻭﻗﻁﻊ ﺍﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﻭﻴﻤﻜﻥ ﺍﻟﺘﺭﻜﻴﺯ ﺒﺘﺤﺩﻴﺩ ﺍﻟﻤﺴﺘﺨﺩﻡ ﺍﻟﺫﻱ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺎﺘﻪ

    ﺍﺘﺼﺎﻟﻪ ﻜﻤﺎ ﻴﻤﻜﻥ ﻤﺘﺎﺒﻌﺔ ﻜل ﺍﻟﻤﺴﺘﺨﺩﻤﻴﻥ ﺒﺎﺴﺘﺨﺩﺍﻡ ﺍﻷﻤﺭ AUDIT SESSION ﻜﻤﺎ ﻴﻤﻜﻥ ﺍﻟﺘﺭﻜﻴﺯ ﺃﻴﻀﺎً ﺒﺘﺤﺩﻴﺩ ﻋﻤﻠﻴﺔ ﻨﺠﺎﺡ ﺃﻭ ﻓﺸل ﻋﻤﻠﻴﺔ ﺍﻻﺘﺼﺎل.

    ﻨﻔﺘﺭﺽ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻜل ﻋﻤﻠﻴﺎﺕ ﺍﻻﺘﺼﺎل ﺍﻟﻨﺎﺠﺤﺔ ﻭﻗﻁﻊ ﺍﻻﺘﺼﺎل ﺒﺎﻟﻨﺴﺒﺔ ﻟﻠﻤﺴﺘﺨﺩﻡ TEST ﻭﻷﻨﻨﺎ ﻨﺭﻴﺩ ﻤﻌﺭﻓﺔ ﻭﻗﺕ ﺍﻻﺘﺼﺎل ﻭﻗﻁﻊ ﺍﻻﺘﺼﺎل ﻓﺎﻷﻓﻀل ﺍﺴﺘﺨﺩﻡ ﺍﻟﺨﻴﺎﺭ ACCESS .

    AUDIT SESSION BY TEST BY ACCESS WHENEVER SUCCESSFUL;

     ﻤﺎﺫﺍ ﺍﻵﻥ ﻟﻭ ﻗﺎﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺒﺎﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ؟

    ﺍﻵﻥ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻴﺴﺘﻁﻴﻊ ﺃﻥ ﻴﺸﺎﻫﺩ ﻤﻌﻠﻭﻤﺎﺕ ﻋﻥ ﻋﻤﻠﻴﺔ ﺍﻻﺘﺼﺎل ﺃﻋﻼﻩ

    SELECT SERNAME,TERMINAL,ACTION_NAME,EXTENDED_TIMESTAMP FROM DBA_AUDIT_SESSION;

    ستجد انه ﻅﻬﺭ ﻟﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺃﻥ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﻗﺎﻡ ﺒﺎﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺒﺎﻟﺘﺎﺭﻴﺦ ﻭﺍﻟﺯﻤﻥ ﺍﻟﻤﺤﺩﺩ ﻤﻥ ﺍﻟﺠﻬﺎﺯ NBS ﻜﻤﺎ ﻴﻤﻜﻥ ﺍﺴﺘﻌﺭﺍﺽ ﻤﻌﻠﻭﻤﺎﺕ ﺃﺨﺭﻯ ﻋﻥ ﺍﺴﻡ ﻤﺴﺘﺨﺩﻡ ﺍﻟﺠﻬﺎﺯ ﻭﻏﻴﺭﻩ ﻤﻥ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ.

    ﻤﺎﺫﺍ ﻟﻭ ﻗﺎﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺒﻘﻁﻊ ﺍﻻﺘﺼﺎل؟ ﺒﺎﻟﻁﺒﻊ ﺴﺘﻅﻬﺭ ﻟﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻤﻌﻠﻭﻤﺎﺕ ﺇﻀﺎﻓﻴﺔ .

    SELECT USERNAME,TERMINAL,ACTION_NAME,TO_CHAR(EXTENDED_TIM ESTAMP,'DD-MM-YYYY:HH-MI- SS'),TO_CHAR(LOGOFF_TIME,'DD-MM-YYYY:HH-MI-SS') FROM DBA_AUDIT_SESSION;

     

    ﺍﻵﻥ ﻴﻅﻬﺭ ﻟﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺃﻥ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﻗﺎﻡ ﺒﻘﻁﻊ ﺍﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻓﻲ ﺍﻟﺯﻤﻥ ﺍﻟﻤﺤﺩﺩ .

    ﻴﻤﻜﻥ ﺃﻴﻀﺎﹰ ﺍﺴﺘﻌﻼﻡ ﻤﻌﻠﻭﻤﺎﺕ ﺍﻻﺘﺼﺎل ﻭﻗﻁﻊ ﺍﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ عن طريق (DBA_AUDIT_TRAIL) .

    .ﺇﺫﺍﹰ ﻤﻌﻠﻭﻤﺎﺕ ﺍﻻﺘﺼﺎل ﻭﻗﻁﻊ ﺍﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻤﺘﻭﻓﺭﺓ ﻓﻲ ﻜل ﻤﻥ( DBA_AUDIT_TRAIL & DBA_AUDIT_SESSION) .

    ﻴﻤﻜﻥ ﻟﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺍﻻﺴﺘﻌﻼﻡ ﻋﻥ ﺨﻴﺎﺭﺍﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺍﻟﺘﻲ ﻗﺎﻡ ﺒﺘﻬﻴﺌﺘﻬﺎ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺒﻭﺍﺴﻁﺔ:

    DBA_OBJ_AUDIT_OPTS

    DBA_STMT_AUDIT_OPTS

    DBA_PRIV_AUDIT_OPTS

    SELECT USER_NAME,AUDIT_OPTION,SUCCESS,FAILURE FROM DBA_STMT_AUDIT_OPTS;

    ﺒﺎﻟﻁﺒﻊ ﻴﻤﻜﻥ ﺇﻟﻐﺎﺀ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ، ﻓﻠﻭ ﺃﺭﺩﻨﺎ ﺇﻟﻐﺎﺀ ﻋﻤﻠﻴﺔ ﻤﺭﺍﻗﺒﺔ ﺍﺘﺼﺎل ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺍﻟﺘﻲ ﻗﻤﻨﺎ بمﺭﺍﻗﺒﺘﻬﺎ ﺴﺎﺒﻘﺎﹰ.

    NOAUDIT SESSION BY TEST;

    ﺍﻵﻥ ﻟﻭ ﻗﻤﻨﺎ ﺒﻌﻤﻠﻴﺔ ﺍﺴﺘﻌﻼﻡ ﻟﻌﺭﺽ ﺨﻴﺎﺭﺍﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺍﻟﺘﻲ ﻗﻤﻨﺎ ﺒﺘﻬﻴﺌﺘﻬﺎ ﻓﻠﻥ ﻨﺠﺩ ﺨﻴﺎﺭ ﻤﺭﺍﻗﺒﺔ ﺍﺘﺼﺎل ﺍﻟﻤﺴﺘﺨﺩﻡ TEST .

     

    • SQL STATEMENT AUDITING:

    ﺘﺨﻴل ﻤﻌﻲ ﺃﻥ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻴﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺎﺕ ﺍلDDL ﻤﺜل ﺇﻨﺸﺎﺀ ﺃﻭ ﺤﺫﻑ ﺠﺩﻭل، ﻓﻲ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻴﻤﻜﻥ ﺍﻟﺘﺭﻜﻴﺯ ﺒﻭﺍﺴﻁﺔ ﺘﺤﺩﻴﺩ ﺍﻟﻤﺴﺘﺨﺩﻡ ﻭﻜﺫﻟﻙ ﺒﻭﺍﺴﻁﺔ ﻨﺠﺎﺡ ﺃﻭ ﻓﺸل ﺍﻟﻌﻤﻠﻴﺔ،

    ﻟﻜﻥ ﻫﺫﺍ ﻓﻲ ﺇﻁﺎﺭ ﻤﺎ ﻴﻤﻠﻙ ﺍﻟﻤﺴﺘﺨﺩﻡ، ﻓﻠﻭ ﻗﺎﻡ ﻤﺴﺘﺨﺩﻡ ﻤﺜﻼﹰ ﺒﺈﻨﺸﺎﺀ ﺠﺩﻭل ﻓﻲ SCHEMA ﻟﻤﺴﺘﺨﺩﻡ ﺁﺨﺭ ﻓﺈﻥ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻴﺩﺨل ﻓﻴﻤﺎ ﻴﺴﻤﻰ AUDITING PRIVILEGE SYSTEM ﻭﻫﻭ ﻤﺎ ﺴﻨﻨﺎﻗﺸﻪ

    ﻻﺤﻘﺎ، ﺃﻤﺎ ﻫﻨﺎ ﻓﻘﻁ ﻓﻲ ﺇﻁﺎﺭ ﻤﺎ ﻴﻤﻠﻙ ﺍﻟﻤﺴﺘﺨﺩﻡ ﻓﻘﻁ .

    ﻭﻟﻨﻔﺘﺭﺽ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺔ ﺇﻨﺸﺎﺀ ﺍﻟﺠﺩﺍﻭل ﺒﻭﺍﺴﻁﺔ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺩﺍﺨل ﻤﺴﺎﺤﺘﻪ ﺃﻱ ﻓﻲ ﻨﻔﺱ  الSCHEMA .

    AUDIT CREATE TABLE BY TEST BY ACCESS;

    ﺫﺍ ﻟﻭ ﻗﺎﻡ ﺍﻵﻥ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺒﺈﻨﺸﺎﺀ ﺠﺩﻭل؟

    CREATE TABLE USER_MASTER (USER_NO NUMBER(٥),USER_NAME VARCHAR٢(٠٤),CONSTRAINT PK_USER_NO PRIMARY KEY(USER_NO));

    ﺴﺘﻅﻬﺭ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ ﻟﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ.

    SELECT USERNAME,OWNER,TO_CHAR(TIMESTAMP,'DD-MM- YYYY:HH-MI-SS'),OBJ_NAME,ACTION_NAME FROM DBA_AUDIT_TRAIL WHERE OWNER='TEST';

    ﻟﻜﻥ ﻟﻭ ﻗﺎﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﻤﺜﻼﹰ ﺒﺈﻨﺸﺎﺀ ﺠﺩﻭل ﻓﻲ SCHEMA ﺃﺨﺭﻯ ﻓﺈﻥ ﺨﻴﺎﺭﺍﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺃﻋﻼﻩ ﻟﻥ ﺘﺄﺘﻰ ﺒﻤﻌﻠﻭﻤﺎﺕ ﺍﻟﻠﻬﻡ ﺇﻻ ﺇﺫﺍ ﺭﺍﻗﺒﻨﺎ ﺍﻟﺼﻼﺤﻴﺔ TABLE ANY CREATE ﻭﻫﻭ ﻤﺎ ﺴﻨﻨﺎﻗﺸﻪ ﻓﻲ ﺍﻟﺨﻁﻭﺓ ﺍﻟﻘﺎﺩﻤﺔ .

    ﻴﻤﻜﻥ ﺍﻻﺴﺘﻌﻼﻡ ﻋﻥ ﺍﻟﺨﻴﺎﺭﺍﺕ ﺍﻟﺘﻲ ﻗﻤﻨﺎ ﺒﺘﻬﻴﺌﺘﻬﺎ ﻟﻤﺭﺍﻗﺒﺔ SQL STATEMENT ﺒﻭﺍﺴﻁﺔ:

    DBA_STMT_AUDIT_OPTS

    DBA_PRIV_AUDIT_OPTS

    ﻴﻤﻜﻥ ﺇﻟﻐﺎﺀ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺒﻭﺍﺴﻁﺔ:

    NOAUDIT CREATE TABLE BY TEST;

     

    • SYSTEM PRIVILEGE AUDITING:

    ﻭﺫﻟﻙ ﻟﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺎﺕ ﺍﺴﺘﺨﺩﺍﻡ ﺍﻟﺼﻼﺤﻴﺎﺕ SYSTEM PRIVILEGES ﺩﺍﺨل ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﻤﺜﻼﹰ ﺍﻟﺼﻼﺤﻴﺔ CREATE ANY TABLE  ، ﺒﺎﻟﻁﺒﻊ ﻴﻤﻜﻥ ﺘﺭﻜﻴﺯ ﻋﻤﻠﻴﺔ ﻤﺭﺍﻗﺒﺔ ﺍﻟﺼﻼﺤﻴﺎﺕ ﺒﻭﺍﺴﻁﺔ ﻤﺴﺘﺨﺩﻡ ﻤﻌﻴﻥ ﻜﺫﻟﻙ ﺒﻭﺍﺴﻁﺔ ﻨﺠﺎﺡ ﺍﻟﻌﻤﻠﻴﺔ ﺃﻭ ﻓﺸﻠﻬﺎ، ﻓﻲ ﺍﻷﺼل ﻴﺘﻡ ﺘﺨﺯﻴﻥ ﻋﻤﻠﻴﺎﺕ ﻤﺭﺍﻗﺒﺔ ﺍﻟﺼﻼﺤﻴﺎﺕ SYSTEM PRIVILEGES ﻜﺤﻘل ﻟﻜل ﻋﻤﻠﻴﺔ ﻭﺫﻟﻙ ﻻﺴﺘﺨﺩﺍﻡ ﺍﻟﺨﻴﺎﺭ BY ACCESS ﻜﻭﻀﻊ ﺍﻓﺘﺭﺍﻀﻲ؛ ﻟﻜﻥ ﺒﺎﻟﻁﺒﻊ ﻴﻤﻜﻥ ﺍﺴﺘﻌﻤﺎل ﺍﻟﺨﻴﺎﺭ SESSION BY ﻟﺘﻘﻠﻴل ﻋﻤﻠﻴﺎﺕ ﺘﺨﺯﻴﻥ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ ﻓﻴﺘﻡ ﺘﺨﺯﻴﻥ ﺤﻘل ﻭﺍﺤﺩ ﻟﻜل SESSION ﺍﺴﺘﺨﺩﻤﺕ ﺍﻟﺼﻼﺤﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ. ﻭﻟﻨﻔﺘﺭﺽ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﺍﻟﺼﻼﺤﻴﺔ TABLE ANY CREATE ﻟﻠﻤﺴﺘﺨﺩﻡ TEST، ﺃﻱ ﺒﻤﻌﻨﻰ ﺁﺨﺭ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻜل ﺍﻟﺠﺩﺍﻭل ﺍﻟﺘﻲ ﻴﻘﻭﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺒﺈﻨﺸﺎﺌﻬﺎ ﻓﻲ SCHEMA ﺃﺨﺭﻯ ﻤﺴﺘﺨﺩﻤﺎﹰ ﺍﻟﺼﻼﺤﻴﺔ CREATE ANY TABLE  ﻭﻫﻰ ﺘﻌﻨﻰ ﺇﻨﺸﺎﺀ ﺠﺩﻭل ﻓﻲ SCHEMA ﺃﺨﺭﻯ.

    AUDIT CREATE ANY TABLE BY TEST WHENEVER SUCCESSFUL;

    ﺍﻵﻥ ﻤﺎﺫﺍ ﻟﻭ ﻗﺎﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺒﺈﻨﺸﺎﺀ ﺠﺩﻭل ﻓﻲ EMP SCHEMA ﺃﻱ ﻓﻲ ﻤﺴﺎﺤﺔ ﺍﻟﻤﺴﺘﺨﺩﻡ EMP .

    CREATE TABLE EMP.EMPLOYEE (EMP_NO NUMBER(٤),EMP NAME VARCHAR(40));

    ﺒﺎﻟﻁﺒﻊ ﻴﺴﺘﻁﻴﻊ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻤﺘﺎﺒﻌﺔ ﻫﺫﻩ ﺍﻟﺨﻁﻭﺓ .

    SELECT USERNAME,OWNER,OBJ_NAME,ACTION_NAME,TO_CHAR(TIMEST AMP,'DD-MM-YYYY:HH-MI-SS') FROM DBA_AUDIT_OBJECT WHERE USERNAME='TEST';

    ستلاحظ بالفعل ان المستخدم TEST ﻗﺎﻡ ﺒﺈﻨﺸﺎﺀ ﺠﺩﻭل EMPLOYEE ﻓﻲ ﺍﻟﻤﺴﺘﺨﺩﻡ EMP ﻓﻲ ﺍﻟﺯﻤﻥ المحدد .

    ﺃﻴﻀﺎﹰ ﻴﻤﻜﻥ ﻤﺘﺎﺒﻌﺔ ﺒﺎﻗﻲ ﺍﻟﺼﻼﺤﻴﺎﺕ ﻤﺜﻼﹰ  (DROP ANY TABLE) ﻭﻏﻴﺭﻫﺎ ﻤﻥ ﺍﻟﺼﻼﺤﻴﺎﺕ SYSTEM PRIVILEGES.

    ﻟﻼﺴﺘﻌﻼﻡ ﻋﻥ ﺘﻬﻴﺌﺔ ﺨﻴﺎﺭﺍﺕ ﻤﺭﺍﻗﺒﺔ SYSTEM .

    SELECT * FROM DBA_PRIV_AUDIT_OPTS WHERE PRIVILEGE='CREATE ANY TABLE';

    كما يمكن إلغاء المراقبة .

    NOAUDIT CRATE ANY TABLE BY TEST WHENEVER SECCESSFUL;

     

    • OBJECT PRIVILEGE AUDITING:

    ﻭﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻟﻤﺭﺍﻗﺒﺔ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﻲ ﺘﺤﺩﺙ ﻋﻠﻰ ﺍﻟﻜﺎﺌﻨﺎﺕ ﻤﻥ ﺠﺩﺍﻭل TABLES ﻭﻤﻨﺎﻅﻴﺭ VIEWS ﻭﻏﻴﺭﻫﺎ ﻤﻥ ﺍﻟﻜﺎﺌﻨﺎﺕ.

    ﻴﻤﻜﻥ ﺍﻟﺘﺭﻜﻴﺯ ﺒﻭﺍﺴﻁﺔ ﺘﺤﺩﻴﺩ ﺍﻟﻤﺴﺘﺨﺩﻡ ﻭﻜﺫﻟﻙ ﺒﻭﺍﺴﻁﺔ ﻨﺠﺎﺡ ﺃﻭ ﻓﺸل ﺍﻟﻌﻤﻠﻴﺔ، ﺍﻷﺼل ﻓﻲ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺃﻥ ﺘﻜﻭﻥ BY SESSION ﻭﻟﻜﻥ ﻴﻤﻜﻥ ﺘﺤﺩﻴﺩ ﺍﻟﺨﻴﺎﺭ BY ACCESS.

    ﻟﻨﻔﺘﺭﺽ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺎﺕ ﺍﻹﻀﺎﻓﺔ ﻓﻲ ﺍﻟﺠﺩﻭل USER_MASTER ﺍﻟﻤﻭﺠﻭﺩ ﻓﻲ ﺍلSCHEMA ﺍﻟﺘﻲ ﺘﺴﻤﻰ TEST.

    AUDIT INSERT ON TEST.USER_MASTER BY ACCESS;

    ﺍﻵﻥ ﻟﻭ ﻗﺎﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﺒﺈﻀﺎﻓﺔ ﺒﻴﺎﻨﺎﺕ ﻓﻲ ﺍﻟﺠﺩﻭل USER_MASTER يﺴﺘﻁﻴﻊ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻤﺘﺎﺒﻌﺔ ﺫﻟﻙ .

    SELECT USERNAME,TO_CHAR(TIMESTAMP,'DD-MM-YY:HH- MI-SS'),OBJ_NAME,ACTION_NAME FROM DBA_AUDIT_TRAIL WHERE USERNAME='TEST' AND OBJ_NAME='USER_MASTER' AND ACTION_NAME='INSERT';

     

    ﻟﻼﺴﺘﻌﻼﻡ ﻋﻥ ﺨﻴﺎﺭﺍﺕ ﺘﻬﻴﺌﺔ ﻤﺭﺍﻗﺒﺔ ﺍلOBJECT PRIVILEGES.

    select * from DBA_OBJ_AUDIT_OPTS WHERE OWNER='TEST' AND OBJECT_NAME='USER_MASTER';

     

    ﻫﻨﺎﻙ ﺜﻼﺙ ﻗﻴﻡ :

    -: ﺘﻌﻨﻰ ﻋﺩﻡ ﺍﻟﻤﺭﺍﻗﺒﺔ.

    A: ﺘﻌﻨﻰ ﺃﻥ ﻤﻌﻠﻭﻤﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺘﺨﺯﻥ ACCESS BY .

    S: ﺘﻌﻨﻰ ﺃﻥ ﻤﻌﻠﻭﻤﺎﺕ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺘﺨﺯﻥ SESSION .BY

    ﻻﺤﻅ ﺃﻨﻪ ﻤﻘﺎﺒل ﺍﻟﺤﻘل INS ﻭﺠﺩﺕ ﺍﻟﻘﻴﻤﺔ A/A ﺃﻱ ﺃﻨﻪ ﺘﺘﻡ ﻤﺭﺍﻗﺒﺔ ﻋﻤﻠﻴﺔ ﺍلINSERT ﺒﻭﺍﺴﻁﺔ ﺍﻟﺨﻴﺎﺭ BY ACCESS ﺴﻭﺍﺀ ﻨﺠﺤﺕ ﺍﻟﻌﻤﻠﻴﺔ ﺃﻭ ﻓﺸﻠﺕ،

    ﺃﻤﺎ ﺇﺫﺍ ﻜﺎﻥ ﺍﻟﺨﻴﺎﺭ WHENEVER SUCCESSFUL ﻓﺈﻥ ﺍﻟﻘﻴﻤﺔ ﺴﺘﻜﻭﻥ A/-

     

    يمكن ﺇﻟﻐﺎﺀ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺒﻭﺍﺴﻁﺔ.

    NOAUDIT INSERT ON TEST.USER_MASTER;

     

    ﻫﻜﺫﺍ ﻨﻜﻭﻥ ﻗﺩ ﻨﺎﻗﺸﻨﺎ ﺍﻟﺨﻴﺎﺭﺍﺕ ﺍﻟﻤﺘﺎﺤﺔ ﻟﻠﻤﺭﺍﻗﺒﺔ ﺍﻟﺘﻲ ﺘﻨﺘﻤﻲ ﻟﻠﺠﺯﺀ ﺍﻷﻭل  Standard Database Auditing وهي:

    .SESSION AUDITING

    SQL STATEMENT AUDITING

    SYSTEM PRIVILEGE AUDITING

    OBJECT PRIVILEGE AUDITING

     

    2- Value-Based Auditing:

    ﻓﻲ ﺍﻟﻨﻭﻉ ﺍﻷﻭل ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ Standard Database Auditing اﺴﺘﻁﻌﻨﺎ ﻤﺭﺍﻗﺒﺔ ﻭﺤﻔﻅ ﻤﻌﻠﻭﻤﺎﺕ ﻋﻥ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﻲ ﺘﺤﺩﺙ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﻟﻜﻥ ﻗﺩ ﻨﺤﺘﺎﺝ ﺃﺤﻴﺎﻨﺎﹰ ﻟﺤﻔﻅ ﺍﻟﻘﻴﻡ ﺍﻟﺘﻲ ﻴﺘﻡ ﺘﻌﺩﻴﻠﻬﺎ ﺃﻭ

    ﺤﺫﻓﻬﺎ ﻤﻥ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ، ﻫﺫﻩ ﺍﻟﻘﻴﻡ ﻻ ﻴﺘﻡ ﺤﻔﻅﻬﺎ ﻓﻲ ﺍلStandard Database Auditing  ﻴﻌﻤل ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ Value-Based Auditing ﻤﻌﺘﻤﺩﺍﹰ ﻋﻠﻰ ﺨﻠﻕ Trigger ﺒﺤﻴﺙ

    ﻴﺘﻡ ﺘﻨﻔﻴﺫﻩ ﺒﻌﺩ ﻋﻤﻠﻴﺔ ﺍﻟﺘﻌﺩﻴل ﺃﻭ ﺍﻟﺤﺫﻑ ﻟﻴﺤﻔﻅ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ ﻭﺍﻟﻘﻴﻡ ﺍﻟﺘﻲ ﻨﺭﻴﺩﻫﺎ ﻭﻴﺤﻔﻅﻬﺎ ﻓﻲ ﺠﺩﻭل ﻨﻘﻭﻡ ﺒﺈﻨﺸﺎﺌﻪ ﺨﺼﻴﺼﹰﺎ ﻟﺘﺨﺯﻴﻥ ﻫﺫﻩ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ.

    ﺒﺎﻟﻁﺒﻊ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ Auditing Value-Based ﻴﻘﻠل ﻤﻥ ﺃﺩﺍﺀ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺃﻜﺜﺭ ﻤﻥ ﺍﻟﻨﻭﻉ Standard Database Auditing  ﻭﺫﻟﻙ ﻷﻥ ﺍلTrigger ﻴﺘﻡ ﺘﻨﻔﻴﺫﻩ ﺒﻌﺩ ﻜل ﻋﻤﻠﻴﺔ ﺘﻌﺩﻴل ﺃﻭ ﺤﺫﻑ.

    ﻭﻟﻨﻔﺘﺭﺽ ﺍﻵﻥ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻭﺤﻔﻅ ﺍﻟﻘﻴﻡ ﺍﻟﺘﻲ ﺘﻡ ﺘﻌﺩﻴﻠﻬﺎ ﻓﻲ ﺍﻟﺤﻘل BOOK_NAME ﺍﻟﻤﻭﺠﻭﺩﺓ ﻓﻲ ﺍﻟﺠﺩﻭل BOOK ﺍﻟﻤﻤﻠﻭﻙ ﻟﻠﻤﺴﺘﺨﺩﻡ TEST .

    ﻴﻠﺯﻡ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺃﻭﻻﹰ ﺘﺤﺩﻴﺩ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ ﺍﻟﺘﻲ ﻴﺭﻴﺩ ﺤﻔﻅﻬﺎ ﻭﻟﻨﻔﺘﺭﺽ ﺃﻨﻬﺎ:-

    1-  IP Address ﻟﻠﺠﻬﺎﺯ ﺍﻟﺫﻱ ﺍﺴﺘﺨﺩﻡ ﻟﻼﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ.

    2- ﺍﺴﻡ ﻤﺴﺘﺨﺩﻡ ﻨﻅﺎﻡ ﺍﻟﺘﺸﻐﻴل ﺍﻟﺫﻱ ﻗﺎﻡ ﺒﺎﻻﺘﺼﺎل ﺒﻘﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ.

    3- ﺍﻟﺘﺎﺭﻴﺦ ﻭﺍﻟﺯﻤﻥ.

    4- ﻗﻴﻤﺔ ﺍﻟﺤﻘل ﻗﺒل ﺍﻟﺘﻌﺩﻴل ﻭﺒﻌﺩ ﺍﻟﺘﻌﺩﻴل.

     

    ﺜﺎﻨﻴﹰﺎ: ﻴﻠﺯﻡ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺇﻨﺸﺎﺀ ﺍﻟﺠﺩﻭل ﻟﺘﺨﺯﻴﻥ ﺍﻟﻤﻌﻠﻭﻤﺎﺕ ﻋﻥ ﻋﻤﻠﻴﺎﺕ ﺍﻟﺘﻌﺩﻴل.

     

    CREATE TABLE BOOK_AUDIT(

    OS_USER VARCHAR2(70),

    UPDATE_DATE DATE,

    IP_ADDRESS VARCHAR2(60),

    OLD_NEW_NAME VARCHAR2(100));

     

    ﺜﺎﻟﺜﺎﹰ ﻴﻘﻭﻡ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺒﺈﻨﺸﺎﺀ ﺍلTrigger.

    CREATE OR REPLACE TRIGGER BOOK_NAME_AUDIT AFTER UPDATE OF BOOK_NAME

    ON TEST.BOOK

    REFERENCING NEW AS NEW OLD AS OLD FOR EACH ROW

    BEGIN

    IF :OLD.BOOK_NAME != :NEW.BOOK_NAME THEN INSERT INTO BOOK_AUDIT

    VALUES (SYS_CONTEXT('USERENV','OS_USER'), SYSDATE, SYS_CONTEXT('USERENV','IP_ADDRESS'),

    :NEW.BOOK_NO ||' BOOK_NO) CHANGED FROM '||:OLD.BOOK_NAME||

    ' TO '||:NEW.BOOK_NAME); END IF;

    END;

     

    ﻫﻜﺫﺍ ﺘﻡ ﺇﻨﺸﺎﺀ ﺍلTrigger ﻭﻟﻨﻔﺘﺭﺽ ﺃﻥ ﺍﻟﻤﺴﺘﺨﺩﻡ TEST ﻗﺎﻡ ﺒﺘﻌﺩﻴل ﻓﻲ ﺍﻟﺠﺩﻭل BOOK.

    ﻴﺴﺘﻁﻴﻊ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻤﺘﺎﺒﻌﺔ ﺫﻟﻙ ﺍﻟﺘﻌﺩﻴل ﺒﻭﺍﺴﻁﺔ ﺍﻟﺠﺩﻭل BOOK_AUDIT.

    SELECT OS_USER,TO_CHAR(UPDATE_DATE,'DD-MM-YY:HH- MI-SS'),IP ADDRESS,OLD NEW NAME FROM BOOK_AUDIT;

     

    ﻹﻴﻘﺎﻑ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻴﻤﻜﻥ ﺘﻌﻁﻴل ﺃﻭ ﺤﺫﻑ ﻫﺫﺍ ﺍلTrigger.

     

    3- (Fine-Grained Auditing (FGA:

    ﺍﻷﻨﻭﺍﻉ ﺍﻟﺴﺎﺒﻘﺔ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﺘﺴﺘﻁﻴﻊ ﺤﻔﻅ ﻤﻌﻠﻭﻤﺎﺕ ﻋﻥ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﻲ ﺘﺤﺩﺙ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻜﻤﺎ ﻴﻤﻜﻥ ﺤﻔﻅ ﺍﻟﻘﻴﻡ ﺍﻟﺘﻲ ﺘﺘﻐﻴﺭ، ﺃﻤﺎ ﻫﺫﺍ ﺍﻟﻨﻭﻉ ﻤﻥ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻓﻬﻭ ﻟﺤﻔﻅ ﻋﺒﺎﺭﺍﺕ ﺍلSQL ﺍﻟﺘﻲ ﺘﻨﻔﺫ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻭﻴﺸﻤل ﻜل ﻤﻥ ﺍﻟﻌﺒﺎﺭﺍﺕ ﺍﻵﺘﻴﺔ (DELETE & UPDATE & INSERT & SELECT).

    ﻭﺫﻟﻙ ﺒﺎﺴﺘﺨﺩﺍﻡ DBMS_FGA PACKAGE، ﻫﺫﻩ ﺍﻟﺤﺯﻤﺔ ﺘﺤﺘﻭﻯ ﻋﻠﻰ ﺃﺭﺒﻌﺔ ﻤﻥ ﺍلProcedure:-

    1 - ADD_POLICY: ﻹﻀﺎﻓﺔ POLICY ﺠﺩﻴﺩﺓ ﻟﻤﺭﺍﻗﺒﺔ ﻋﺒﺎﺭﺍﺕ ﺍلSQL ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﻭﺫﻟﻙ ﺤﺴﺏ ﺍﻟﻘﻴﻡ ﺍﻟﺘﻲ ﺴﻨﺤﺩﺩﻫﺎ ﻓﻲ ﺍﻹﺠﺭﺍﺀ.

    2- DROP_POLICY: ﻟﺤﺫﻑ AUDIT POLICY ﻤﻭﺠﻭﺩﺓ.

    .ﻜﺎﻨﺕ ﻤﻌﻁﻠﺔ AUDIT POLICY ﻟﺘﺸﻐﻴل :ENABLE_POLICY - 3

    DISABLE POLICY - 4: ﻟﺘعطيل عمل AUDIT POLICY.

    ﻭﻟﻨﻔﺘﺭﺽ ﺍﻵﻥ ﺃﻨﻨﺎ ﻨﺭﻴﺩ ﺤﻔﻅ ﻋﺒﺎﺭﺍﺕ ﺍلSELECT ﺍﻟﺘﻲ ﺘﺤﺩﺙ ﻟﻠﺠﺩﻭل BOOK ﺍﻟﻤﻤﻠﻭﻙ ﻟﻠﻤﺴﺘﺨﺩﻡ TEST، ﻭﺤﺘﻰ ﻻ ﻨﺤﻔﻅ ﻜل ﻋﺒﺎﺭﺍﺕ ﺍلSELECT ﺍﻟﺘﻲ ﺘﺤﺩﺙ ﻟﻠﺠﺩﻭل BOOK ﻓﻤﻥ ﺍﻟﻤﻤﻜﻥ ﺍﻟﺘﺭﻜﻴﺯ

    ﻋﻠﻰ ﺒﻌﺽ ﺍﻟﺤﻘﻭل ﻭﺫﻟﻙ ﺒﺈﺴﺘﺨﺩﺍﻡ ﺒﻌﺽ ﺍﻟﺸﺭﻭﻁ.

    .WHERE BOOK_NO=1  ﻤﺜﻼﹰ

    ﻭﺫﻟﻙ ﻟﺘﺭﻜﻴﺯ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ .

    ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺩﺍﺌﻤﺎﹰ ﻴﺠﺏ ﺃﻥ ﻴﺭﺍﻋﻰ ﺃﻥ ﻻ ﻴﻔﺭﻁ ﻓﻲ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ، ﺒل ﻴﺭﻜﺯ ﺩﺍﺌﻤﺎ ﻋﻠﻰ ﺍﻟﻤﻁﻠﻭﺏ. ﺍﻵﻥ ﻨﻘﻭﻡ ﺒﺘﻨﻔﻴﺫ ﺍﻹﺠﺭﺍﺀ ADD_POLICY ﻭﺫﻟﻙ ﻹﻀﺎﻓﺔ AUDIT POLICY ﺘﻘﻭﻡ ﺒﺤﻔﻅ ﻋﺒﺎﺭﺍﺕ

    ﺍلSELECT ﺍﻟﺘﻲ ﺘﻨﻔﺫ ﻋﻠﻰ ﺍﻟﺠﺩﻭل BOOK ﻭﺫﻟﻙ ﺤﺴﺏ ﺍﻟﺸﺭﻭﻁ ﺍﻟﺘﻲ ﻨﺤﺩﺩﻫﺎ. ﺒﺎﻟﻁﺒﻊ ﻫﺫﺍ ﺍﻹﺠﺭﺍﺀ Procedure ﻴﺤﺘﻭﻯ ﻋﻠﻰ ﻤﺠﻤﻭﻋﺔ ﻤﻥ ﺍﻟﻤﺘﻐﻴﺭﺍﺕ ﺍﻟﺘﻲ ﻴﺠﺏ ﺃﻥ ﻨﺤﺩﺩ ﻟﻬﺎ ﻗﻴﻡ، ﻫﺫﻩ ﺍﻟﻤﺘﻐﻴﺭﺍﺕ ﺴﻨﺘﺤﺩﺙ

    ﻋﻨﻬﺎ ﺒﺸﻲ ﻤﻥ ﺍﻟﺘﻔﺼﻴل ﻻﺤﻘﺎﹰ.

    ﻫﺫﻩ ﺍﻹﺠﺭﺍﺀﺍﺕ Procedures ﻤﻭﺠﻭﺩﺓ ﻓﻲ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺩﺍﺨل ﺍﻟﺤﺯﻤﺔ DBMG_FGA ﺃﻱ ﻻ ﻴﺤﺘﺎﺝ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺇﻟﻲ ﺃﻨﺸﺎﺅﻫﺎ ﻓﻘﻁ ﻴﺤﺘﺎﺝ ﻟﺘﻨﻔﻴﺫﻩ ﺒﻌﺩ ﺘﺤﺩﻴﺩ ﻗﻴﻡ ﺍﻟﻤﺘﻐﻴﺭﺍﺕ.

    DECLARE

    OBJECT_SCHEMA VARCHAR2(200);

    OBJECT_NAME VARCHAR2(200);

    POLICY_NAME VARCHAR2(200);

    AUDIT_CONDITION VARCHAR2(200);

    AUDIT_COLUMN VARCHAR2(200);

    HANDLER_SCHEMA VARCHAR2(200);

    HANDLER_MODULE VARCHAR2(200);

    ENABLE BOOLEAN;

    STATEMENT_TYPES VARCHAR2(200);

    AUDIT_TRAIL BINARY_INTEGER;

    AUDIT_COLUMN_OPTS BINARY_INTEGER;

    BEGIN

    OBJECT_SCHEMA := 'TEST';

    OBJECT_NAME := 'BOOK';

    POLICY_NAME := 'BOOK_SELECT';

    AUDIT_CONDITION := 'BOO_NO=1';

    AUDIT_COLUMN := 'BOOK_NAME';

    HANDLER_SCHEMA := NULL;

    HANDLER_MODULE := NULL;

    ENABLE := TRUE;

    STATEMENT_TYPES := 'SELECT';

    AUDIT_TRAIL := 1;

    AUDIT_COLUMN_OPTS := 0;

    SYS.DBMS_FGA.ADD_POLICY ( OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME, AUDIT_CONDITION, AUDIT_COLUMN, HANDLER_SCHEMA, HANDLER_MODULE, ENABLE, STATEMENT_TYPES, AUDIT_TRAIL, AUDIT_COLUMN_OPTS );

    COMMIT;

    END;

    /

     

    OBJECT_SCHEMA: ﻭﻫﻰ ﺘﻌﻨﻰ ﺍﻟﻤﺴﺘﺨﺩﻡ ﺍﻟﺫﻱ ﻴﺤﻭﻯ ﺍﻟﺠﺩﻭل ﺃﻭ ﺍﻟﻜﺎﺌﻥ ﺍﻟﺫﻱ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻋﺒﺎﺭﺍﺕ ﺍلSELECT ﻋﻠﻴﻪ.

    OBJECT_NAME: ﻭﻫﻭ ﺍﻟﻜﺎﺌﻥ ﺍﻟﺫﻱ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺔ ﻋﺒﺎﺭﺍﺕ ﺍلSELECT ﻋﻠﻴﻪ.

    POLICY_NAME: ﻭﻫﻭ ﺍﺴﻡ ﺍلPOLICY AUDIT ﺍﻟﺘﻲ ﻨﺭﻴﺩ ﺨﻠﻘﻬﺎ.

    AUDIT_CONDITION: ﻭﻫﻰ ﻟﺘﺤﺩﻴﺩ ﺍﻟﺸﺭﻭﻁ ﻟﺘﺭﻜﻴﺯ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ.

    AUDIT_COLUMN: ﻭﻫﻭ ﺍﻟﻌﻤﻭﺩ ﺍﻟﺫﻱ ﻨﺭﻴﺩ ﺘﺭﻜﻴﺯ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ ﻋﻠﻴﻪ.

    HANDLER_SCHEMA: ﺃﺤﻴﺎﻨﹰﺎ ﻗﺩ ﻨﺤﺘﺎﺝ ﻟﺘﺤﺩﻴﺩ ﺇﺠﺭﺍﺀ Procedure ﻟﻴﻘﻭﻡ ﺒﺒﻌﺽ ﺍﻷﺤﺩﺍﺙ ﺍﻹﻀﺎﻓﻴﺔ ﺃﺜﻨﺎﺀ ﻋﻤﻠﻴﺔ ﺍﻟﻤﺭﺍﻗﺒﺔ، ﻓﻨﻘﻭﻡ ﻫﻨﺎ ﺒﺘﺤﺩﻴﺩ ﺍﻟﻤﺴﺘﺨﺩﻡ ﺍﻟﺫﻱ ﻴﺤﻭﻯ ﻫﺫﺍ ﺍﻹﺠﺭﺍﺀ.

    ENABLE : ﻟﺘﻔﻌﻴل ﻋﻤل POLICY AUDIT ﻭﻴﺄﺨﺫ ﻫﺫﺍ ﺍﻟﻤﺘﻐﻴﺭ ﺍﻟﻘﻴﻤﺔ TRUE في الوضع الإفتراضي.

    STATEMENT_TYPES : ﻟﺘﺤﺩﻴﺩ ﻨﻭﻉ ﻋﺒﺎﺭﺍﺕ ﺍلSQL ﺍﻟﺘﻲ ﻨﺭﻴﺩ ﻤﺭﺍﻗﺒﺘﻬﺎ والافتراضي SELECT.

    AUDIT_TRAIL: ﻟﺘﺨﺯﻴﻥ ﻋﺒﺎﺭﺍﺕ ﺍلSQL ﺍﻟﻤﺭﺍﻗﺒﺔ ﻓﻲ ﺍل.AUDIT_TRAIL.

    AUDIT_COLUMN_OPTS: ﻤﺎﺫﺍ ﻟﻭ ﻗﻤﺕ ﺒﺘﺤﺩﻴﺩ ﻋﺩﺩ ﻤﻥ ﺍﻷﻋﻤﺩﺓ ﻓﻲ ﺍﻟﻤﺘﻐﻴﺭ AUDIT_COLUMN، ﻫﻨﺎ ﻟﺘﺤﺩﻴﺩ ﻫل (ALL OR ANY). 

     

    ﺍﻵﻥ ﻤﺎﺫﺍ ﻟﻭ ﻗﺎﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ EMP ﺒﻌﻤل ﺍﺴﺘﻌﻼﻡ ﻋﻠﻰ ﺍﻟﺠﺩﻭل BOOK ﺍﻟﻤﻨﺘﻤﻰ ﻟﻠﻤﺴﺘﺨﺩﻡ TEST ﺒﻨﻔﺱ ﺍﻟﺸﺭﻭﻁ ﺍﻟﻤﺫﻜﻭﺭﺓ ﺃﻋﻼﻩ ؟

     

    SELECT * FROM TEST.BOOK WHERE BOOK_NO=1;

     

    ﻴﺴﺘﻁﻴﻊ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺍﻵﻥ ﻤﺘﺎﺒﻌﺔ ﻫﺫﺍ ﺍﻻﺴﺘﻌﻼﻡ.

    SELECT USERHOST,OS_USER,DB_USER,TO_CHAR(TIMESTAMP,'DD-MM- YY:HH-MI-SS'),SQL_TEXT FROM DBA_FGA_AUDIT_TRAIL WHERE DB_USER='EMP;

     

    ﻟﻭ ﻗﺎﻡ ﺍﻟﻤﺴﺘﺨﺩﻡ EMP ﺒﻌﻤل ﺍﺴﺘﻌﻼﻡ ﺁﺨﺭ ﻟﻡ ﺘﺘﺤﻘﻕ ﻓﻴﻪ ﺍﻟﺸﺭﻭﻁ ﺍﻟﻤﻭﻀﺤﺔ ﻓﻲ ﺍﻹﺠﺭﺍﺀ ADD_POLICY ﻓﺈﻥ ﻤﻌﻠﻭﻤﺎﺕ ﻫﺫﺍ ﺍﻻﺴﺘﻌﻼﻡ ﻟﻥ ﺘﻅﻬﺭ ﻟﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ.

    ﺒﺎﻟﻁﺒﻊ ﻴﺴﺘﻁﻴﻊ ﻤﺩﻴﺭ ﻗﺎﻋﺩﺓ ﺍﻟﺒﻴﺎﻨﺎﺕ ﺍﻻﺴﺘﻌﻼﻡ ﻋﻥ AUDIT_POLICIES ﺍﻟﺘﻲ ﺘﻌﻤل ﻓﻲ ﻗﺎﻋﺩﺓ DBA_AUDIT_POLICIES.

     

    SELECT POLICY_NAME,OBJECT_SCHEMA,OBJECT_NAME,POLICY_COLUM N,SEL FROM DBA_AUDIT_POLICIES;

     

    ﻴﻤﻜﻥ ﺘﻌﻁﻴل ﻫﺫﻩ ﺍلPOLICY AUDIT ﺒﻭﺍﺴﻁﺔ ﺍﻹﺠﺭﺍﺀ DISABLE_POLICY.

    DECLARE

    OBJECT_SCHEMA VARCHAR2(200);

    OBJECT_NAME VARCHAR2(200);

    POLICY_NAME VARCHAR2(200);

     

    BEGIN

    OBJECT_SCHEMA := 'TEST'; OBJECT_NAME := 'BOOK'; POLICY_NAME := 'BOOK_SELECT';

     

    SYS.DBMS_FGA.DISABLE_POLICY ( OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME );

    COMMIT;

    END;

    /

     

    ﻜﻤﺎ ﻴﻤﻜﻥ ﺘﻔﻌﻴﻠﻬﺎ ﻤﺭﻩ ﺃﺨﺭﻯ ﺒﻭﺍﺴﻁﺔ ﺍﻹﺠﺭﺍﺀ ENABLE_POLICY.

     

    DECLARE

    OBJECT_SCHEMA VARCHAR2(200);

    OBJECT_NAME VARCHAR2(200);

    POLICY_NAME VARCHAR2(200);

     

    BEGIN

    OBJECT_SCHEMA := 'TEST';

    OBJECT_NAME := 'BOOK';

    POLICY_NAME := 'BOOK_SELECT';

     

    SYS.DBMS_FGA.ENABLE_POLICY ( OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME );

    COMMIT;

    END;

    /

     

    ﻭﺃﺨﻴﺭﺍ ﻴﻤﻜﻥ ﺤﺫﻑ POLICY AUDIT ﺒﻭﺍﺴﻁﺔ ﺍﻹﺠﺭﺍﺀ DROP_POLICY.

    DECLARE

    OBJECT_SCHEMA VARCHAR2(200);

    OBJECT_NAME VARCHAR2(200);

    POLICY_NAME VARCHAR2(200);

     

    BEGIN

    OBJECT_SCHEMA := 'TEST';

    OBJECT_NAME := 'BOOK';

    POLICY_NAME := 'BOOK_SELECT';

     

    SYS.DBMS_FGA.DROP_POLICY ( OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME );

    COMMIT;

    END;

    /

     

    ﺍﻵﻥ ﻟﻭ ﻗﻤﺕ ﺒﻌﻤل ﺍﺴﺘﻌﻼﻡ ﻋﻥ ﺍلAUDIT_POLICIES ﻓﻠﻥ ﺘﺠﺩ ﻫﺫﻩ ﺍلPOLICY ﻓﻲ ﻗﺎﻋﺩﺓ البيانات.

     

    ---------------------------

    Quick Links
    Get Started

    Get access to your full Free Training

    Login
    Contact Us

    info@dba-arabic.com

    Copyright DBA-ARABIC © 2023. All rights reserved.