Skip to Main Content
Forums

Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

DBMS_SCHEDULER Audit

Solomon YakobsonMar 4 2024 — edited Mar 4 2024

From DBMS_SCHEDULER documentation:

Creating a job class requires the MANAGE SCHEDULER system privilege.

So it seems all we can do in order to audit job class is audit MANAGE SCHEDULER. But look what we get in audit trail:

SQL> CONNECT / AS SYSDBA
Connected.
SQL> SHOW PARAMETER AUDIT_SYS_OPERATIONS

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_sys_operations                 boolean     TRUE
SQL> AUDIT EXECUTE ON DBMS_SCHEDULER BY ACCESS;

Audit succeeded.

SQL> AUDIT MANAGE SCHEDULER;

Audit succeeded.

SQL>
SQL> CONNECT SCOTT@SOL19PDB1/xxx
Connected.
SQL> COLUMN TS NEW_VALUE TS NOPRINT
SQL> SELECT  TO_CHAR(SYSTIMESTAMP,'YYYY-MM-DD HH24:MI:SS') TS
  2    FROM  DUAL
  3  /




SQL> BEGIN
  2      SYS.DBMS_SCHEDULER.CREATE_JOB_CLASS(
  3                                          JOB_CLASS_NAME          => 'TEST_JOB_CLASS',
  4                                          RESOURCE_CONSUMER_GROUP => 'DEFAULT_CONSUMER_GROUP',
  5                                          SERVICE                 => 'sol19pdb1',
  6                                          LOGGING_LEVEL           => SYS.DBMS_SCHEDULER.LOGGING_FULL,
  7                                          LOG_HISTORY             => 365,
  8                                          COMMENTS                => 'TEST JOB CLASS'
  9                                         );
 10  END;
 11  /

PL/SQL procedure successfully completed.

SQL> SELECT  OWNER,
  2          OBJECT_TYPE,
  3          OBJECT_NAME,
  4          TO_CHAR(CREATED,'MM/DD/YYYY HH24:MI:SS') CREATED
  5    FROM  DBA_OBJECTS
  6    WHERE OBJECT_NAME = 'TEST_JOB_CLASS'
  7  /

OWNER      OBJECT_TYP OBJECT_NAME     CREATED
---------- ---------- --------------- -------------------
SYS        JOB CLASS  TEST_JOB_CLASS  03/04/2024 13:53:51

SQL> SELECT  GRANTEE,
  2          PRIVILEGE,
  3          OWNER,
  4          TABLE_NAME
  5    FROM  DBA_TAB_PRIVS
  6    WHERE TABLE_NAME = 'TEST_JOB_CLASS'
  7  /

GRANTEE    PRIVILEGE                                OWNER      TABLE_NAME
---------- ---------------------------------------- ---------- ---------------
SCOTT      EXECUTE                                  SYS        TEST_JOB_CLASS

SQL> BEGIN
  2      SYS.DBMS_SCHEDULER.DROP_JOB_CLASS(
  3                                        JOB_CLASS_NAME => 'TEST_JOB_CLASS',
  4                                        FORCE          => TRUE
  5                                       );
  6  END;
  7  /

PL/SQL procedure successfully completed.

SQL> SELECT  USERNAME,
  2          ACTION_NAME,
  3          OWNER,
  4          OBJ_NAME,
  5          PRIV_USED,
  6          EXTENDED_TIMESTAMP
  7    FROM  DBA_AUDIT_TRAIL
  8    WHERE EXTENDED_TIMESTAMP > TIMESTAMP '&TS'
  9  /
old   8:   WHERE EXTENDED_TIMESTAMP > TIMESTAMP '&TS'
new   8:   WHERE EXTENDED_TIMESTAMP > TIMESTAMP '2024-03-04 13:53:51'

USERNAME ACTION_NAME       OWNER      OBJ_NAME       PRIV_USED        EXTENDED_TIMESTAMP
-------- ----------------- ---------- -------------- ---------------- -----------------------------------
SCOTT    LOGON                                       CREATE SESSION   04-MAR-24 01.53.51.278000 PM -05:00
SCOTT    EXECUTE PROCEDURE SYS        DBMS_SCHEDULER                  04-MAR-24 01.53.51.406000 PM -05:00
SCOTT    PL/SQL EXECUTE                              MANAGE SCHEDULER 04-MAR-24 01.53.51.419000 PM -05:00
SCOTT    EXECUTE PROCEDURE SYS        DBMS_SCHEDULER                  04-MAR-24 01.53.51.499000 PM -05:00
SCOTT    PL/SQL EXECUTE                              MANAGE SCHEDULER 04-MAR-24 01.53.51.509000 PM -05:00

SQL>

As you can see there is nothing in audit trail that tells us:

  1. Job class was created
  2. User SCOTT was granted execute on that job class
  3. Job class was dropped

Does anyone know if there is any way to get meaninful audit on DBMS_SCHEDULER?

SY.
Comments
Post Details
Added on Mar 4 2024
3 comments
461 views