Defined Type: ora_cis::controls::alter_role_action_audit_is_enabled
- Defined in: manifests/controls/alter_role_action_audit_is_enabled.pp
Summary
An Oracle database role is a collection or set of privileges that can be granted to users or other roles.
Overview
See the file "LICENSE" for the full license governing this code.

Roles may include system privileges, object privileges or other roles. The `ALTER ROLE` statement is used to change the authorization needed to enable a role. Enabling this unified action audit causes logging of all `ALTER ROLE` statements, whether successful or unsuccessful, issued by the users regardless of the privileges held by the users to issue such statements.
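To confirm on a database that the audit described above is in effect, the following SQL can be used. It is an added example, not code from the ora_cis module; the policy name `cis_example_alter_role` is a placeholder, and the statements assume a session with the `AUDIT_ADMIN` role.

```sql
-- Added example; cis_example_alter_role is a placeholder name (assumption),
-- not the policy name the ora_cis module creates.

-- 1. A unified audit policy that records the ALTER ROLE action.
CREATE AUDIT POLICY cis_example_alter_role
  ACTIONS ALTER ROLE;

-- 2. Enable it. Without a BY/EXCEPT clause it applies to all users; without
--    a WHENEVER clause both successful and failed statements are audited.
AUDIT POLICY cis_example_alter_role;

-- 3. Verify: at least one enabled policy must audit ALTER ROLE on both
--    success and failure. No rows means the action is not fully audited.
--    Also check the user scope of the enabled row; the columns describing
--    it vary between database releases.
SELECT pol.policy_name,
       pol.audit_option,
       en.success,
       en.failure
FROM   audit_unified_policies pol
JOIN   audit_unified_enabled_policies en
       ON en.policy_name = pol.policy_name
WHERE  pol.audit_option      = 'ALTER ROLE'
AND    pol.audit_option_type = 'STANDARD ACTION'
AND    en.success = 'YES'
AND    en.failure = 'YES';

-- 4. Review what was recorded. return_code 0 is a successful statement;
--    any other value is the ORA- error number of a failed attempt.
SELECT event_timestamp,
       dbusername,
       action_name,
       return_code,
       sql_text
FROM   unified_audit_trail
WHERE  action_name = 'ALTER ROLE'
ORDER  BY event_timestamp DESC
FETCH  FIRST 20 ROWS ONLY;
```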
## Skipping
To deliberately skip this control (i.e. not use Puppet to enforce this setting), there are three ways:

1) Add `ora_cis::controls::alter_role_action_audit_is_enabled: skip` to your hiera data. This will skip this control for ALL databases.
2) Add `ora_cis::controls::alter_role_action_audit_is_enabled::dbname: skip` to your hiera data. This will skip this control for the specified database only.
3) Add an entry with the content `alter_role_action_audit_is_enabled` to the array value `ora_cis::skip_list` in your hiera data.
## Benchmarks
This control is used in the following benchmarks:
- [Oracle Database 12c CIS V3.0.0](/docs/ora_cis/db12c_V3.0.0.html) - paragraph 6.2.5
- [Oracle Database 18c CIS V1.0.0](/docs/ora_cis/db18c_V1.0.0.html) - paragraph 6.2.5
- [Oracle Database 19c CIS V1.0.0](/docs/ora_cis/db19c_V1.0.0.html) - paragraph 6.2.5
```puppet
# File 'manifests/controls/alter_role_action_audit_is_enabled.pp', line 44
define ora_cis::controls::alter_role_action_audit_is_enabled()
{
  # The resource title is used as the SID of the database.
  $sid = $title
  ora_cis_setup { "alter_role_action_audit_is_enabled on ${sid}":
    ensure => 'present'
  }
  # Applied after ora_cis_setup: the audit policy for the ALTER ROLE action.
  -> ora_cis::internal::audit_policy{"actions@${sid}@alter_role":
    value => ['ALTER ROLE'],
  }
}
```