Auditing Enhancements in Oracle Database 21c
Oracle Database 21c introduces powerful auditing improvements designed to increase real-time observability, enhance security compliance, and support modern enterprise governance strategies. This article covers all major enhancements to Unified Auditing in 21c, including STIG compliance, immediate policy activation, and protocol auditing.
❌ Traditional Auditing Deprecated
Oracle 21c officially deprecates traditional auditing. Although it remains available for backward compatibility, all users are encouraged to migrate to Unified Auditing. Unified Auditing consolidates audit records, simplifies policy management, and improves performance.
⚡ Unified Auditing: Immediate Policy Enforcement
In previous versions, audit policy changes only took effect in new sessions. With 21c, changes to object audit policies are applied immediately to all active sessions, requiring no additional configuration.
Note: Changes to system audit options or conditions still require new sessions to take effect.
🛡️ STIG-Compliant Audit Policies
Oracle 21c introduces predefined audit policies for Security Technical Implementation Guide (STIG) compliance:
- ORA_STIG_RECOMMENDATIONS
- ORA_ALL_TOPLEVEL_ACTIONS
- ORA_LOGON_LOGOFF
These policies help align audit practices with federal and defense-grade security standards.
👤 Audit Policies Enforced on the Current User
Previously, audit policies were enforced on the top-level (login) user. Oracle 21c now applies policies to the current user executing the SQL statement, offering better audit fidelity in multi-user systems.
🌐 Auditing XML DB HTTP and FTP Protocols
Oracle 21c expands audit capabilities to include HTTP, FTP, and authentication activity on XML DB. Below are sample commands for setting up these policies:
CREATE AUDIT POLICY http_pol ACTIONS COMPONENT=PROTOCOL HTTP;
CREATE AUDIT POLICY ftp_pol ACTIONS COMPONENT=PROTOCOL FTP;
CREATE AUDIT POLICY auth_pol ACTIONS COMPONENT=PROTOCOL AUTHENTICATION;
AUDIT POLICY http_pol;
AUDIT POLICY ftp_pol;
AUDIT POLICY auth_pol WHENEVER NOT SUCCESSFUL;
You can review the defined and enabled policies using:
SELECT policy_name, audit_option, audit_option_type
FROM audit_unified_policies
WHERE policy_name IN ('HTTP_POL', 'FTP_POL', 'AUTH_POL');
SELECT policy_name, enabled_option, entity_name, entity_type, success, failure
FROM audit_unified_enabled_policies
WHERE policy_name IN ('HTTP_POL', 'FTP_POL', 'AUTH_POL');
New columns in UNIFIED_AUDIT_TRAIL:
- PROTOCOL_SESSION_ID
- PROTOCOL_RETURN_CODE
- PROTOCOL_ACTION_NAME
- PROTOCOL_USERHOST
- PROTOCOL_MESSAGE
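As an added example (not part of the original article), the queries below use these columns to triage failed XML DB authentication attempts recorded by auth_pol, which the commands above enable for unsuccessful attempts only. The 24-hour window and the threshold of 10 events are assumed values to tune for your environment.

```sql
-- Added example: summarise failed XML DB authentication attempts per client host.
-- auth_pol is enabled WHENEVER NOT SUCCESSFUL, so every record it produces
-- is a failure. The 24-hour window and threshold of 10 are assumptions.
SELECT protocol_userhost,
       protocol_action_name,
       protocol_return_code,
       COUNT(*)                            AS failed_events,
       COUNT(DISTINCT protocol_session_id) AS protocol_sessions,
       MIN(event_timestamp)                AS first_seen,
       MAX(event_timestamp)                AS last_seen
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%AUTH_POL%'
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
GROUP  BY protocol_userhost, protocol_action_name, protocol_return_code
HAVING COUNT(*) >= 10
ORDER  BY failed_events DESC;

-- Drill down into the individual records behind the summary,
-- newest first, including the protocol message for each attempt.
SELECT event_timestamp,
       dbusername,
       protocol_session_id,
       protocol_userhost,
       protocol_action_name,
       protocol_return_code,
       protocol_message
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%AUTH_POL%'
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
ORDER  BY event_timestamp DESC;
```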
To remove the policies:
NOAUDIT POLICY http_pol;
NOAUDIT POLICY ftp_pol;
NOAUDIT POLICY auth_pol;
DROP AUDIT POLICY http_pol;
DROP AUDIT POLICY ftp_pol;
DROP AUDIT POLICY auth_pol;
🧬 Auditing Editioned Objects
Unified audit policies in 21c now apply to all editions of editioned objects. When a new object is created in an edition, it inherits the existing audit policies. To accurately identify editioned objects in audit logs, query the following columns:
- OBJECT_SCHEMA
- OBJECT_NAME
- OBJ_EDITION
✅ Conclusion
Oracle Database 21c delivers a major leap in audit capabilities by supporting immediate enforcement, protocol-level auditing, STIG compliance, and better granularity in multi-user environments. These enhancements align perfectly with enterprise-grade security, regulatory requirements, and database governance needs.
Ready to modernize your auditing framework? Start planning your transition to Unified Auditing today.