
Using Oracle DDL Triggers

Auditing database changes: Oracle provides DDL triggers to audit all schema changes and can
report the exact change, when it was made, and by which user. There are several ways to audit
within Oracle and the following auditing tools are provided:

- SQL audit command (for DML)
- Auditing with object triggers (DML auditing)
- Auditing with system-level triggers (DML and DDL)
- Auditing with LogMiner (DML and DDL)
- Fine-grained auditing (select auditing)

DDL triggers: Using the Data Definition Language (DDL) triggers, the Oracle DBA can
automatically track all changes to the database, including changes to tables, indexes, and
constraints. The data from this trigger is especially useful for change control for the Oracle
DBA.

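DDL triggers execute every time a DDL statement is executed and add new entries to your new
table, as shown below:

connect sys/manager

-- Fires after every DDL statement in the database and logs who changed what
create or replace trigger
   DDLTrigger
AFTER DDL ON DATABASE
BEGIN
   insert into
      perfstat.stats$ddl_log
   (
      user_name,
      ddl_date,
      ddl_type,
      object_type,
      owner,
      object_name
   )
   VALUES
   (
      ora_login_user,       -- user who issued the DDL
      sysdate,              -- when it was issued
      ora_sysevent,         -- DDL event (CREATE, ALTER, DROP, ...)
      ora_dict_obj_type,    -- type of the object changed
      ora_dict_obj_owner,   -- owner of the object changed
      ora_dict_obj_name     -- name of the object changed
   );
END;
/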

What is truly exciting is that we can combine the system-level triggers with STATSPACK
extension tables, thereby building a mechanism that will give complete auditing information on
user logon and logoff, DDL, and server errors.

Just as an Oracle trigger fires on a specific DML event, system-level triggers fire on specific
system events such as logon, logoff, database startup, DDL execution, and server errors.

DDL triggers -- Using Oracle DDL triggers, the Oracle administrator can automatically track all
changes to the database including changes to tables, indexes, and constraints. The data from this
trigger is especially useful for change control for the Oracle DBA.

Laurent Schneider also has this alternative DDL trigger script for DDL auditing:

CREATE TABLE AUDIT_DDL (
   d date,
   OSUSER varchar2(255),
   CURRENT_USER varchar2(255),
   HOST varchar2(255),
   TERMINAL varchar2(255),
   owner varchar2(30),
   type varchar2(30),
   name varchar2(30),
   sysevent varchar2(30));

create or replace trigger audit_ddl_trg after ddl on schema
begin
   if (ora_sysevent='TRUNCATE')
   then
      null; -- I do not care about truncate
   else
      insert into audit_ddl(d, osuser, current_user, host, terminal, owner, type, name, sysevent)
      values(
         sysdate,
         sys_context('USERENV','OS_USER'),
         sys_context('USERENV','CURRENT_USER'),
         sys_context('USERENV','HOST'),
         sys_context('USERENV','TERMINAL'),
         ora_dict_obj_owner,
         ora_dict_obj_type,
         ora_dict_obj_name,
         ora_sysevent
      );
   end if;
end;
/

Now whenever a change is made, the details will be written to your table, and you can create
audit reports for management. This report is critical for the Oracle DBA who must track changes
to his or her production database. This report uses the DDL trigger and produces a complete
audit log of all Oracle database changes, as shown below:

DDL table -- Using the code snippet shown below, we create an Oracle table to capture all of the
salient metrics required to do effective change management within an Oracle environment. Note
this table contains the date that the DDL was made, the ID of the user who originated the DDL
change, the type of the object, and the object's name. This information can be quite useful for
tracking purposes.

DDL triggers -- DDL triggers execute every time a DDL statement is executed and add new
entries to the stats$ddl_log table.

DDL reports -- This report is critical for the Oracle DBA who must track changes to their
production database. This report uses Oracle DDL triggers and produces a complete audit log of
all Oracle database changes.
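
The page refers to a table-creation snippet and a DDL report without showing either. The following is an added example, not code from the original page: a possible definition of perfstat.stats$ddl_log and two report queries over it. The column names come from the INSERT in DDLTrigger above; the data types, lengths, the 7-day window, and the cross-schema filter are assumptions.

```sql
-- Added example, not from the original page.
-- Column names are taken from the INSERT in DDLTrigger; the data types
-- and lengths are assumptions (128 allows for long identifiers).
create table perfstat.stats$ddl_log
(
   user_name     varchar2(128),  -- ora_login_user
   ddl_date      date,           -- sysdate at the time of the DDL
   ddl_type      varchar2(30),   -- ora_sysevent (CREATE, ALTER, DROP, ...)
   object_type   varchar2(30),   -- ora_dict_obj_type
   owner         varchar2(128),  -- ora_dict_obj_owner
   object_name   varchar2(128)   -- ora_dict_obj_name
);

-- Report 1: every DDL change in the last 7 days (window is an assumption),
-- oldest first, for change-control review.
select
   to_char(ddl_date, 'YYYY-MM-DD HH24:MI:SS') as ddl_time,
   user_name,
   ddl_type,
   object_type,
   owner,
   object_name
from
   perfstat.stats$ddl_log
where
   ddl_date >= sysdate - 7
order by
   ddl_date;

-- Report 2: changes made by a user to objects in another schema,
-- summarized per user so unexpected cross-schema DDL stands out.
select
   user_name,
   owner,
   ddl_type,
   object_type,
   count(*)       as changes,
   min(ddl_date)  as first_change,
   max(ddl_date)  as last_change
from
   perfstat.stats$ddl_log
where
   ddl_date >= sysdate - 7
and
   user_name <> owner
group by
   user_name, owner, ddl_type, object_type
order by
   changes desc;
```

Create the table before compiling the trigger, since the trigger's INSERT references it.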