Skip to Content
author's profile photo Former Member
Former Member

Auditing all objects withing a schema with a wildcard '*'

Hi.

According to CREATE AUDIT POLICY - SAP HANA SQL and System Views Reference - SAP Library, for the HANA platform it's possible to audit all objects within a schema by using <schema_name>.* when creating the audit policy.

For an example, I have a schema called SCHEMA and a table called MY_TABLE in it:

When I to audit a single object, like a table,it works well:

CREATE AUDIT POLICY all_my_table AUDITING ALL DELETE, INSERT, SELECT, UPDATE ON SCHEMA.MY_TABLE LEVEL CRITICAL;

But when I try to add the audit policy I get a syntax error:

CREATE AUDIT POLICY all_objs_in_schema AUDITING ALL DELETE, INSERT, SELECT, UPDATE ON SCHEMA.* LEVEL CRITICAL;

Has anyone encountered something like that?

Thanks!

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Dec 01, 2014 at 10:25 AM

    Hi Ariel,

    This feature is available in SPS09.

    Check the page no. 27 of below document:

    https://hcp.sap.com/content/dam/website/saphana/en_us/Technology%20Documents/SPS09/SAP%20HANA%20SPS%2009%20-%20Security.…

    Its written: "You can now specify a schema if you want to audit all database objects belonging to the schema"


    Regards,

    Vivek

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Nov 26, 2014 at 04:32 AM

    Hi Ariel,

    I also tried this and it throws an error.

    I checked creating Audit Policy via Graphical Method and there I could not Select Schema to be audited. I have to individually select the objects to be audited.

    Then I opened the PDF version of the guide and found that below statement is not present there:

    "for the HANA platform it's possible to audit all objects within a schema by using <schema_name>.* when creating the audit policy." Open page 319-

    http://help.sap.com/hana/SAP_HANA_SQL_and_System_Views_Reference_en.pdf

    In the HTML Guide, <audit_object_name> ::= <table_name> | <view_name> | <procedure_name> | <schema_name>.*

    while in PDF Guide <object_name> ::= <table_name> | <view_name> | <procedure_name>

    As "Only objects of type table, view, and procedure can be specified in the <target_audit_action_entry>". Selecting * means selecting all Objects, So I guess this functionality is not supported yet and it is written incorrectly in the Guide in HTML Version.

    It will be better to contact SAP for this.

    Regards,

    Vivek

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 09, 2014 at 02:59 PM

    I can confirm this does indeed work as expected on SPS9.

    Thanks again Vivek.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.