• 一、背景描述
• 二、部署步骤
  • 2.1、开启安全审计
  • 2.2、设置审计规则
  • 2.3、配置定时任务
  • 2.4、查看JOB调度情况
  • 2.5、查看审计记录
• 三、注意事项
• 四、官方文档参考

在企业级OceanBase数据库运维中，你是否遇到过这样的痛点：数据库表数量繁多，无法快速判断哪些表被业务实际使用，哪些属于“沉睡表”，难以评估表对象的下线可行性？

其实，借助OceanBase的audit审计功能，搭配定时任务调度，就能精准跟踪表对象的访问情况，为对象下线评估提供数据支撑。今天就给大家带来一份完整实战指南，从环境配置到任务验证，一步到位实现数据库对象的定时审计！

一、背景描述

某客户想通过 Oceanbase audit 的表审计功能来判断系统中的表是否有被应用访问，于是参考官方文档中对于audit审计功能的介绍，通过部署存储过程和定时任务的方式来对指定的表进行定时审计的方式来判断表是否有被访问。

二、部署步骤

2.1、开启安全审计

1）sys用户登录租户解锁ORAAUDITOR用户

[admin@observer01 ~ ]$ obclient -hxx.xx.xx.xx -P2883 -uSYS@oboracle01#obcluster001 -pxxxxxxx
Welcome to the OceanBase.  Commands end with ; or \g.
Your OceanBase connection id is 1172630
Server version: OceanBase 4.2.5.6 (r106000052025082216-22431cc723c4e07a82cac27d4347e8ac2f0afc30) (Built Aug 22 2025 18:05:13)

Copyright (c) 2000, 2018, OceanBase and/or its affiliates. All rights reserved.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

obclient [SYS]> alter user ORAAUDITOR account unlock;

2）修改ORAAUDITOR密码

obclient [SYS]> alter user ORAAUDITOR identified by "AAaa11__";

3）设置ORAAUDITOR用户权限

obclient [SYS]> grant create session, select any dictionary to ORAAUDITOR;
obclient [SYS]> grant create procedure to ORAAUDITOR;  --通过存储过程的方式来开启和关闭指定对象的审计操作，因此需要创建procedure权限
obclient [SYS]> grant execute on dbms_scheduler to ORAAUDITOR;  -- 通过定时任务的方式定时调用存储过程开启和关闭审计任务，因此需要执行dbms_scheduler的权限。

4）检查ORAAUDITOR用户权限

obclient [SYS]> select * from dba_sys_privs where grantee='ORAAUDITOR';
+------------+-----------------------+--------------+
| GRANTEE    | PRIVILEGE             | ADMIN_OPTION |
+------------+-----------------------+--------------+
| ORAAUDITOR | CREATE SESSION        | NO           |
| ORAAUDITOR | SELECT ANY DICTIONARY | NO           |
| ORAAUDITOR | CREATE PROCEDURE      | NO           |
+------------+-----------------------+--------------+
3 rows in set (0.132 sec)

obclient [SYS]> select * from dba_tab_privs where grantee='ORAAUDITOR';
+------------+-----------+----------------+---------+-----------+-----------+-----------+
| GRANTEE    | OWNER     | TABLE_NAME     | GRANTOR | PRIVILEGE | GRANTABLE | HIERARCHY |
+------------+-----------+----------------+---------+-----------+-----------+-----------+
| ORAAUDITOR | oceanbase | DBMS_SCHEDULER | SYS     | EXECUTE   | NO        | NO        |
+------------+-----------+----------------+---------+-----------+-----------+-----------+
1 row in set (0.149 sec)

5）启用审计功能并设置审计记录的存储位置。

obclient [SYS]> alter system set audit_trail='DB,EXTENDED';

说明：通过配置项 audit_trail 开启审计功能，执行完后立即生效。

NONE：关闭审计。

OS：审计记录写本地文件。

DB：审计记录写内部表。

DB,EXTENDED：审计记录写内部表且记录包含执行的 SQL 语句。

2.2、设置审计规则

1）ORAAUDITOR用户登录租户

[admin@observer01 ~ ]$ obclient -hxx.xx.xx.xx -P2883 -uORAAUDITOR@oboracle01#obcluster001 -pAAaa11__
Welcome to the OceanBase.  Commands end with ; or \g.
Your OceanBase connection id is 1172630
Server version: OceanBase 4.2.5.6 (r106000052025082216-22431cc723c4e07a82cac27d4347e8ac2f0afc30) (Built Aug 22 2025 18:05:13)

Copyright (c) 2000, 2018, OceanBase and/or its affiliates. All rights reserved.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

obclient [ORAAUDITOR]> 

2）创建开启审计规则的存储过程

obclient [ORAAUDITOR]> create or replace procedure ORAAUDITOR.enable_table_audit as
 begin
    execute immediate 'audit insert,update,delete,select on USERDATA.USER_TABLE_001';
 end;
/

注：

1.以上存储过程仅对USERDATA.USER_TABLE_001表开启insert,update,delete,select类型的操作审计。

2.如果多个表需要进行审计操作，可以将需要审计的表写入临时表中，通过轮询访问临时表中的表对象来对表开启审计操作。

3.除了insert/update/delete/select操作外，还可以对表进行其他类型的审计，具体参考官方文档：https://www.oceanbase.com/docs/common-oceanbase-database-cn-1000000001504072。

3）创建关闭审计规则的存储过程

obclient [ORAAUDITOR]> create or replace procedure ORAAUDITOR.disable_table_audit as
 begin
    execute immediate 'noaudit insert,update,delete,select on USERDATA.USER_TABLE_001';
 end;
/

注：以上存储过程为对USERDATA.USER_TABLE_001表关闭insert,update,delete,select类型的操作审计。

4）查看对应存储过程的状态

obclient [SYS]> select owner,object_name,object_type,status,created,last_ddl_time from dba_objects where owner='ORAAUDITOR';
+------------+---------------------+-------------+--------+---------------------+---------------------+
| OWNER      | OBJECT_NAME         | OBJECT_TYPE | STATUS | CREATED             | LAST_DDL_TIME       |
+------------+---------------------+-------------+--------+---------------------+---------------------+
| ORAAUDITOR | DISABLE_TABLE_AUDIT | PROCEDURE   | VALID  | 2026-03-03 17:51:05 | 2026-03-03 17:51:05 |
| ORAAUDITOR | ENABLE_TABLE_AUDIT  | PROCEDURE   | VALID  | 2026-03-03 17:49:44 | 2026-03-03 17:49:44 |
| ORAAUDITOR | ORAAUDITOR          | DATABASE    | VALID  | 2026-01-05 15:49:42 | 2026-01-05 15:49:42 |
+------------+---------------------+-------------+--------+---------------------+---------------------+
3 rows in set (1.219 sec)

2.3、配置定时任务

1）配置定时任务，每天早上8点开启审计。

obclient [ORAAUDITOR]> begin
 dbms_scheduler.create_job (
   job_name        => 'enable_audit_job',
   job_type        => 'stored_procedure',
   job_action      => 'oraauditor.enable_table_audit',
   number_of_argument => 0,
   start_date      => trunc(sysdate)+8/24,
   repeat_interval => 'FREQ=DAILY; INTERVAL=1', 
   enabled         => true,
   auto_drop       => FALSE,
   comments        => '定时开启表审计'
 );
  commit;
end;
/

2）配置定时任务，每天晚上20点关闭审计。

obclient [ORAAUDITOR]> begin
 dbms_scheduler.create_job (
   job_name        => 'disable_audit_job',
   job_type        => 'stored_procedure',
   job_action      => 'oraauditor.disable_table_audit',
   number_of_argument => 0,
   start_date      => trunc(sysdate)+20/24,
   repeat_interval => 'FREQ=DAILY; INTERVAL=1', 
   enabled         => true,
   auto_drop       => FALSE,
   comments        => '定时关闭表审计'
 );
  commit;
end;
/

3）查看JOB状态。

obclient [SYS]> select owner,job_name,repeat_interval,enabled,state,next_run_date from dba_scheduler_jobs where job_name like '%audit%';
+------------+-------------------+------------------------+---------+-------+------------------------------------+
| OWNER      | JOB_NAME          | REPEAT_INTERVAL        | ENABLED | STATE | NEXT_RUN_DATE                      |
+------------+-------------------+------------------------+---------+-------+------------------------------------+
| ORAAUDITOR | disable_audit_job | FREQ=DAILY; INTERVAL=1 | 1       | NULL  | 2026-03-04 20:00:00.000000 +08:00  |
| ORAAUDITOR | enable_audit_job  | FREQ=DAILY; INTERVAL=1 | 1       | NULL  | 2026-03-04 08:00:00.000000 +08:00  |
+------------+-------------------+------------------------+---------+-------+------------------------------------+

2.4、查看JOB调度情况

-- 查看JOB是否被调度

obclient [SYS]> select owner,job_name,repeat_interval,enabled,state,next_run_date from dba_scheduler_jobs where job_name like '%audit%';
+------------+-------------------+------------------------+---------+-----------+------------------------------------+
| OWNER      | JOB_NAME          | REPEAT_INTERVAL        | ENABLED | STATE     | NEXT_RUN_DATE                      |
+------------+-------------------+------------------------+---------+-----------+------------------------------------+
| ORAAUDITOR | disable_audit_job | FREQ=DAILY; INTERVAL=1 | 1       | SCHEDULED | 2026-03-05 20:00:00.000000 +08:00  |
| ORAAUDITOR | enable_audit_job  | FREQ=DAILY; INTERVAL=1 | 1       | SCHEDULED | 2026-03-05 08:00:00.000000 +08:00  |
+------------+-------------------+------------------------+---------+-----------+------------------------------------+
2 rows in set (0.016 sec)

-- 查看JOB调度历史

obclient [SYS]> select job_name,code,time,message from dba_scheduler_job_run_details where job_name like '%audit%' and time>trunc(sysdate)+13/24+10/1440 order by time desc;
+-------------------+------+----------------------------+---------+
| JOB_NAME          | CODE | TIME                       | MESSAGE |
+-------------------+------+----------------------------+---------+
| disable_audit_job |    0 | 2026-03-04 20:00:00.280350 | SUCCESS |
| enable_audit_job  |    0 | 2026-03-04 08:00:00.264210 | SUCCESS |
+-------------------+------+----------------------------+---------+
2 rows in set (0.016 sec)

从上面结果可以看到：每天8点开启审计和每天20点关闭审计的JOB任务成功被定时调度。

2.5、查看审计记录

obclient [SYS]> select username,owner,obj_name,action_name,count(*) from dba_audit_trail where owner='USERDATA' and obj_name='USER_TABLE_001' and timestamp>'2026-03-04 08:00:00' group by username,owner,obj_name,action_name order by 1,2,3,4;
+-----------+----------+----------------+-------------+----------+
| USERNAME  | OWNER    | OBJ_NAME       | ACTION_NAME | COUNT(*) |
+-----------+----------+----------------+-------------+----------+
| USER01    | USERDATA | USER_TABLE_001 | INSERT      |       25 |
| USER01    | USERDATA | USER_TABLE_001 | UPDATE      |        4 |
| USER01    | USERDATA | USER_TABLE_001 | SELECT      |    85338 |
| USER02    | USERDATA | USER_TABLE_001 | DELETE      |        8 |
| USER02    | USERDATA | USER_TABLE_001 | INSERT      |     1444 |
| USER02    | USERDATA | USER_TABLE_001 | SELECT      |    97436 |
+-----------+---------+-----------------+-------------+----------+
6 rows in set (5.419 sec)

从上面结果中可以看到，表有正常被审计到相关的CURD操作。

三、注意事项

1、高频的审计操作会带来性能损耗，需进行严格的测试，生产环境谨慎使用。

2、可以通过部署SQLAuditStore工具来定期对gv$ob_sql_audit中的数据进行持久化到本地文件系统中，再对指定对象进行分析。

四、官方文档参考

1、安全审计
https://www.oceanbase.com/docs/common-oceanbase-database-cn-1000000001500082

https://www.oceanbase.com/docs/common-oceanbase-database-cn-1000000001500210

2、DBMS_SCHEDULER

https://www.oceanbase.com/docs/common-oceanbase-database-cn-1000000001503788

如果在部署过程中遇到问题，欢迎在评论区留言交流，后续我们会持续分享更多实战运维干货，记得关注不迷路，下次见~