Audit Revoke Operations

Question

How can REVOKE operations on a table be audited in Oracle? Grants can be audited with...

AUDIT GRANT ON *schema.table*;

Both grants and revokes on system privileges and rolls can be audited with...

AUDIT SYSTEM GRANT;

Neither of these statements will audit object level revokes. My database is 10g. I am interested in auditing revokes done by SYS, but that is not my primary concern so the answer need not work for the SYS user.

*A trigger could catch these, but I would prefer to use the built in auditing, so if a trigger is the only way to do this, then vote up the "This can't be done" answer.

Answer 1

This can't be done.

Answer 2

According to Oracle Support all revokes can be audited by doing the following:

1. Set the parameter audit_sys_operations to true.
   
2. Set the parameter audit_trail to db_extended.
   
3. Run audit grant table;

This covers both GRANT and REVOKE privileges ON tables views and materialized views.