User masks
The global masks are always applied to user actions that are performed during a session in which auditing is turned on. Audit masks are applied in the following order:
- An individual user mask or if none, the _default mask
- The _require mask
- The _exclude mask
When a user initiates access to a database, the database server checks whether an individual user mask exists with the same username as the account that the user uses. If an individual user mask exists, the database server reads the audit instructions in it first and ignores the _default mask. If no individual user mask exists, the database server reads and applies the audit instructions in the _default mask to that user.
In addition to default and individual masks, the database server reads and applies the audit instructions in the _require and _exclude masks. These masks are global because they apply to all users. Audit events in the _require mask are audited, even if they are not found in the _default or individual user masks. Audit events in the _exclude mask are not audited, even if the previously read masks specifically require them.
Users cannot tell if individual user masks exist for their accounts. Also, users are not required to do anything to enable auditing of their actions. After an audit administrator turns on auditing, it operates automatically and users cannot disable it.
When the database server is installed, no audit masks exist. An audit administrator must specify all masks, including the default mask and the global masks.