Skip to main content

Audit changes: differentiate between user change and app change

I learned an important lesson over the last few days.

You all probably know this already, but as you may also know I am generally not reticent to expose my relative ignorance.

So I follow a standard of adding four audit columns to my tables, populated by triggers, which keep track of who inserted/updated the row, and when:


I certainly did this for the qdb_users table, which is the users table for the PL/SQL Challenge and Oracle Dev Gym.

So far, so good.

But recently a player complained that she was not receiving emails with results of her quizzes. I checked and found that the preference was turned off. Had she modified her user profile lately or had my code done something to her row?

It was pretty much impossible to tell, because we keep track of the user's last visit to the site - which means the app itself updates the qdb_users.changed_by/on columns every time a user comes to the site. This would overwrite whatever the user's last changed_on value was.

Yuch.

I was using a "low level" audit column to also keep track of user-level behavior, with the result being a loss of information. 

So I added a new column (changed_on_by_user), which is updated only when the user executes an action that updates his or her profile - all controlled through my PL/SQL API:



Lesson learned: don't mix system information (row-level audit information) and application/user information. Keep them separate, making it much easier (possible!) to track activity within your application!
Labels:

Comments

  1. MarcusJuly 12, 2016 at 11:45 PM

    I find these four columns often but I doubt the usefulness. You can only see the last change and you don't know what has been changed.

    We use two different approaches: for entities where you need the audit for security reasons and/or only some out of many attributes will be updated we have [entity]_hist table that saves which user changed which attribute (together with old/new value and other facts). For entities where we regularily need to query a past state, the whole row is stored in an [entit]_hist table or in the table itself with valid from/to columns.

    This might need a lot more storage but you can be sure that you know who changed what and when.

    Marcus

    ReplyDelete
  2. Steven FeuersteinJuly 13, 2016 at 5:14 AM

    Marcus - yes, absolutely right. This is just about the most minimal auditing you can do, and does not reveal what was changed. Seems like this approach could be nicely templated and then generated for a given table. Care to write such a table for the oddgen project? oddgen.org

    ReplyDelete
  3. iudithJuly 16, 2016 at 9:41 AM

    Hello All,

    In our "advanced era", why not using the FLASHBACK ARCHIVE feature ?

    As by Murphy's laws ...
    auditing is a feature that you either invest a lot of time
    in implementing it and nobody will ever need its results,
    or you don't implement it and then everybody suddenly needs it.

    With the FLASHBACK ARCHIVE feature, it is only a matter of
    space consumption. In 12c it also can use compression for more
    optimal space usage.
    So, I think that this feature is very convenient.

    Cheers & Best Regards,
    Iudith

    ReplyDelete
  4. Steven FeuersteinJuly 17, 2016 at 3:03 PM

    Thanks, Iudith. Yes, I certainly should have mentioned the flashback archive feature! I wouldn't want to only propose this, since as you point out there is an issue of space consumption, and therefore likely limits on the amount of audit information that will be preserved. Plus, this is something that can be done by developers without having to work it through with their DBAs.

    ReplyDelete

Post a Comment

Popular posts from this blog

Running out of PGA memory with MULTISET ops? Watch out for DISTINCT!

A PL/SQL team inside Oracle made excellent use of nested tables and MULTISET operators in SQL, blending data in tables with procedurally-generated datasets (nested tables).  All was going well when they hit the dreaded: ORA-04030: out of process memory when trying to allocate 2032 bytes  They asked for my help.  The error occurred on this SELECT: SELECT  *    FROM header_tab trx    WHERE (generated_ntab1 SUBMULTISET OF trx.column_ntab)       AND ((trx.column_ntab MULTISET             EXCEPT DISTINCT generated_ntab2) IS EMPTY) The problem is clearly related to the use of those nested tables. Now, there was clearly sufficient PGA for the nested tables themselves. So the problem was in executing the MULTISET-related functionality. We talked for a bit about dropping the use of nested tables and instead doing everything in SQL, to avoid the PGA error. That would, however require lots of work, revamping algorithms, ensuring correctness, you know the score. Then my eyes snagge
4 comments
Read more

How to Pick the Limit for BULK COLLECT

This question rolled into my In Box today: In the case of using the LIMIT clause of BULK COLLECT, how do we decide what value to use for the limit? First I give the quick answer, then I provide support for that answer Quick Answer Start with 100. That's the default (and only) setting for cursor FOR loop optimizations. It offers a sweet spot of improved performance over row-by-row and not-too-much PGA memory consumption. Test to see if that's fast enough (likely will be for many cases). If not, try higher values until you reach the performance level you need - and you are not consuming too much PGA memory.  Don't hard-code the limit value: make it a parameter to your subprogram or a constant in a package specification. Don't put anything in the collection you don't need. [from Giulio Dottorini] Remember: each session that runs this code will use that amount of memory. Background When you use BULK COLLECT, you retrieve more than row with each fetch,
4 comments
Read more

Quick Guide to User-Defined Types in Oracle PL/SQL

A Twitter follower recently asked for more information on user-defined types in the PL/SQL language, and I figured the best way to answer is to offer up this blog post. PL/SQL is a strongly-typed language . Before you can work with a variable or constant, it must be declared with a type (yes, PL/SQL also supports lots of implicit conversions from one type to another, but still, everything must be declared with a type). PL/SQL offers a wide array of pre-defined data types , both in the language natively (such as VARCHAR2, PLS_INTEGER, BOOLEAN, etc.) and in a variety of supplied packages (e.g., the NUMBER_TABLE collection type in the DBMS_SQL package). Data types in PL/SQL can be scalars, such as strings and numbers, or composite (consisting of one or more scalars), such as record types, collection types and object types. You can't really declare your own "user-defined" scalars, though you can define subtypes  from those scalars, which can be very helpful from the p
24 comments
Read more