I would like to create a policy that checks on selects on an
object ...but restrict entries for a particular user

eg audit selects on octopus.claim but only for user NTSERVER\BSD-
CHRISB

Is this OS_USER restriction do-able?

I have tried following code without success

BEGIN
DBMS_FGA.ADD_POLICY(
object_schema => 'OCTOPUS',
object_name => 'claim',
policy_name => 'new_os',
audit_condition => 'SYS_CONTEXT(USERENV,OS_USER) = NTSERVER\BSD-
CHRISB',
statement_types => 'SELECT');
END;
/

cheers
Chris B

On Sep 30, 11:53*am, dba cjb <chris.br... (AT) providentinsurance (DOT) co.uk>
wrote:
If above is not due to typos and you've tried use this literally, then
this audit_condition: audit_condition => 'SYS_CONTEXT(USERENV,OS_USER)
= NTSERVER\BSD-CHRISB' won't do it, it it missing a lot of quote
characters. Something like this is at least syntactically correct:

audit_condition => 'SYS_CONTEXT(''USERENV'',''OS_USER'') = ''NTSERVER
\BSD-CHRISB'''

or using the new quotes introduced with 10g:

audit_condition => q'[SYS_CONTEXT('USERENV','OS_USER') = 'NTSERVER\BSD-
CHRISB']'

You've mentioned "without success" - the actual error that you got or
any other more detailed description might be helpful.

Regards,
Randolf

Oracle related stuff blog:
http://oracle-randolf.blogspot.com/

Co-author of the "OakTable Expert Oracle Practices" book:
http://www.apress.com/book/view/1430226684
http://www.amazon.com/Expert-Oracle-.../dp/1430226684