Audit Top-level Statements reduce audit trial size in Oracle 19c
When using PL/SQL, auditing only top-level statements can reduce entries in the audit trail by focusing solely on the procedure call, rather than on all actions executed within it.
- What are Top-Level Statements?
- Top-level statements are those executed directly by a user, not statements executed within a PL/SQL procedure or function.
- For example, a
SELECTstatement issued directly by a user is a top-level statement, but aSELECTstatement inside a PL/SQL procedure is not.
Following is the way to use an audit top-level statement:
-- create an Audit policy using toplevel
CREATE AUDIT POLICY audit_top_level_statements
ACTIONS ALL
ON ALL
ONLY TOPLEVEL;
-- Enable the Audit policy
AUDIT POLICY audit_top_level_statements;Example you want to enable audit for HR user for TOP level. Not include statements executed by the procedure which is inside the procedure. It will give you in audit only procedure name that is executed to avoid overhead of managing and understanding easily what is going.
Create an audit policy for HR user
create audit policy HR_toplevel_audit
actions all
when q'~ sys_context('userenv', 'session_user') = 'HR' ~'
evaluate per session
only toplevel;Enable the Audit policy
audit policy HR_toplevel_audit;Verify the audit policy:
select event_timestamp,action_name,object_schema,object_name
from unified_audit_trail where dbusername = 'HR'
order by event_timestamp;