Help Center/ GaussDB/ Developer Guide(Distributed_V2.0-2.x)/ SQL Reference/ SQL Syntax/ ALTER AUDIT POLICY
Updated on 2025-02-27 GMT+08:00
View PDF
Share

ALTER AUDIT POLICY

Description

Alters the unified audit policy.

Precautions

  • Only users with the POLADMIN or SYSADMIN permission, or the initial user can perform this operation.
  • The unified audit policy takes effect only after enable_security_policy is enabled.

Syntax

ALTER AUDIT POLICY [ IF EXISTS ] policy_name { ADD | REMOVE } { [ privilege_audit_clause ] [ access_audit_clause ] };
ALTER AUDIT POLICY [ IF EXISTS ] policy_name MODIFY ( filter_group_clause );
ALTER AUDIT POLICY [ IF EXISTS ] policy_name DROP FILTER; 
ALTER AUDIT POLICY [ IF EXISTS ] policy_name COMMENTS policy_comments;
ALTER AUDIT POLICY [ IF EXISTS ] policy_name { ENABLE | DISABLE };
  • privilege_audit_clause 
    1
    		 
    PRIVILEGES ({ DDL | ALL } [ ON LABEL ( resource_label_name [, ... ] ) ])
  • access_audit_clause 
    ACCESS ({ DML | ALL } [ ON LABEL ( resource_label_name [, ... ] ) ])
  • filter_group_clause 
    1
    		 
    FILTER ON { filter_type ( filter_value [, ... ] ) } [, ... ]

Parameters

  • policy_name

    Specifies the audit policy name, which must be unique.

    Value range: a string that complies with the Identifier Naming Conventions.

  • DDL

    Specifies the operations that will be audited within the database: ALTER, ANALYZE, COMMENT, CREATE, DROP, GRANT, REVOKE, SET, SHOW, LOGIN_ACCESS, LOGIN_FAILURE, LOGOUT, and LOGIN.

  • DML

    Specifies the operations that are audited within the database: COPY, DEALLOCATE, DELETE_P, EXECUTE, REINDEX, INSERT, PREPARE, SELECT, TRUNCATE, and UPDATE.

  • ALL

    Specifies all operations supported by the specified DDL or DML statements in the database. When the form is { DDL | ALL }, ALL indicates all DDL operations. When the form is { DML | ALL }, ALL indicates all DML operations.

  • filter_type

    Specifies the types of information to be filtered by the policy: IP, ROLES, and APP.

  • filter_value

    Specifies the detailed information to be filtered.

  • policy_comments

    Records description information of the audit policy.

  • ENABLE|DISABLE

    Enables or disables the unified audit policy. If ENABLE|DISABLE is not specified, ENABLE is used by default.

Examples

See Examples in "CREATE AUDIT POLICY."

Helpful Links

CREATE AUDIT POLICY and DROP AUDIT POLICY

Parent topic: SQL Syntax