Updated on 2024-08-20 GMT+08:00

ALTER AUDIT POLICY

Description

Modifies the unified audit policy.

Precautions

  • Only the user with the poladmin or sysadmin permission, or initial user has the permission to maintain audit policies.
  • The unified audit policy takes effect only after enable_security_policy is set to on.

Syntax

Add or delete an operation type in the audit policy.

ALTER AUDIT POLICY [ IF EXISTS ] policy_name { ADD | REMOVE } { privilege_audit_clause | access_audit_clause };

Modify the filter criteria in the audit policy.

ALTER AUDIT POLICY [ IF EXISTS ] policy_name MODIFY ( filter_group_clause );

Delete the filter criteria from the audit policy.

ALTER AUDIT POLICY [ IF EXISTS ] policy_name DROP FILTER; 

Modify the description of the audit policy.

ALTER AUDIT POLICY [ IF EXISTS ] policy_name COMMENTS policy_comments;

Enable or disable the audit policy.

ALTER AUDIT POLICY [ IF EXISTS ] policy_name { ENABLE | DISABLE };

  • privilege_audit_clause
    DDL operation type and target resource label in the audit policy.
    1
    PRIVILEGES ({ DDL | ALL } [ ON LABEL ( resource_label_name [, ... ] ) ])
    

  • access_audit_clause
    DML operation type and target resource label in the audit policy.
    ACCESS ({ DML | ALL } [ ON LABEL ( resource_label_name [, ... ] ) ])

  • filter_group_clause
    Filter criteria in the audit policy.
    1
    FILTER ON { filter_type ( filter_value [, ... ] ) } [, ... ]
    

Parameters

  • policy_name

    Specifies the audit policy name, which must be unique.

    Value range: a string. It must comply with the naming convention.

  • resource_label_name

    Specifies the resource label name.

  • DDL

    Specifies the operations that are audited in the database: CREATE, ALTER, DROP, ANALYZE, COMMENT, GRANT, REVOKE, SET, and SHOW.

  • DML

    Specifies the operations that are audited in the database: SELECT, COPY, DEALLOCATE, DELETE, EXECUTE, INSERT, PREPARE, REINDEX, TRUNCATE, and UPDATE.

  • ALL

    Specifies all operations supported by the specified DDL or DML statements in the database. When the form is { DDL | ALL }, ALL indicates all DDL operations. When the form is { DML | ALL }, ALL indicates all DML operations.

  • filter_type

    Specifies the types of information to be filtered by the policy: IP, ROLES, and APP.

  • filter_value

    Specifies the detailed information to be filtered.

  • policy_comments

    Records description information of the audit policy.

  • ENABLE|DISABLE

    Enables or disables the unified audit policy.

Examples

  • Add or delete an operation type in the audit policy.
    -- Create audit policy adt1 for executing CREATE on the database.
    gaussdb=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; 
    
    -- Add DROP to the adt1 audit policy.
    gaussdb=# ALTER AUDIT POLICY adt1 ADD PRIVILEGES (DROP);
    
    -- Delete DROP from the adt1 audit policy.
    gaussdb=# ALTER AUDIT POLICY adt1 REMOVE PRIVILEGES (DROP);
  • Modify the comments of the audit policy.
    -- Change the comment of the adt1 audit policy to adt1_comments.
    gaussdb=#  ALTER AUDIT POLICY adt1 COMMENTS 'adt1_comments';
  • Modify the filter information of the audit policy.
    -- Create a user bob_audit.
    gaussdb=#  CREATE USER bob_audit PASSWORD '********';
    
    -- Change the filtering user of the adt1 audit policy to bob_audit.
    gaussdb=#  ALTER AUDIT POLICY adt1 MODIFY (FILTER ON (ROLES(bob_audit))); 
    
    -- Delete user bob_audit.
    gaussdb=# DROP USER bob_audit;
  • Delete the filter criteria from the audit policy.
    -- Delete the filter criteria in the adt1 audit policy.
    gaussdb=#  ALTER AUDIT POLICY adt1 DROP FILTER; 
  • Disable the audit policy.
    -- Disable the adt1 audit policy.
    gaussdb=#  ALTER AUDIT POLICY adt1  DISABLE;
    
    -- Delete the adt1 audit policy.
    gaussdb=# DROP AUDIT POLICY adt1;