I am considering what information should be provided under Article 15 (3) GDPR regarding the use of Exasol and ExaPlus. I don’t have SELECT ANY DICTIONARY system privilege to figure out this question by myself.
What SQL queries are created with ExaPlus to produce the menu in the left side esp.:
(1) Users,
(2) Schemas (table & views,..),
(3) Connections,
(4) Roles?
Are these queries kept in System tables like EXA_DBA_AUDIT_SQL and EXA_DBA_AUDIT_SESSIONS? You can assume that Auditing flag is enabled.
What is the entry for USER_NAME in EXA_DBA_AUDIT_SESSIONS?
How to determine whether something was executed by ExaPlus or done by the user itself?
Is there a difference between the user's local history in ExaPlus and the entries in the Exasol system tables for the same user?
How could an administrator disable the auditing in EXA_DBA_AUDIT_SQL of technical ExaPlus menu building queries?
Graphical database clients like DB Visualizer, DBeaver, or Exaplus send queries to the Exasol database when the user clicks through the database browser to inspect schemas, tables, views, etc. These are queries on system tables like EXA_ALL_TABLES, EXA_ALL_COLUMNS and so on. Also auto-completion features in other clients send such queries.
When you look in the system table EXA_DBA_SESSIONS (or EXA_ALL_SESSIONS), you see that each Exaplus window opens two sessions: E.g., one with CLIENT = 'EXAplus 6.0.8' and one with CLIENT = '[Meta] EXAplus 6.0.8'. The requests for browsing the database are sent within the latter "Meta" session. Firstly, to not mix Meta queries and your own queries in the audit tables etc., and sencondly, to not block the schema browser when currently a query is running.
You can use the following query to find out which statemets were sent to the database within an Exaplus meta session:
SELECT q.sql_text
FROM EXA_DBA_AUDIT_SESSIONS s JOIN EXA_DBA_AUDIT_SQL q ON s.SESSION_ID=q.SESSION_ID
WHERE s.client LIKE '[Meta] EXAplus %';
For sessions of the SQL client DB Visualizer, you cannot distinguish so easy between user sessions and meta sessions. For the client DBeaver it's similar to Exaplus. You find a value like "DBeaver-Meta 6.0.1.201903251040" in the CLIENT column of EXA_ALL_SESSIONS, EXA_DBA_SESSIONS_LAST_DAY and EXA_DBA_AUDIT_SESSIONS.
Exaplus and other clients have a local history of queries. These are saved on the client machine. On the other hand, EXA_DBA_AUDIT_SQL is managed by the database. Each and every query that is sent to the database is written there. But only if auditing is enabled in database settings in Exaoperation.
It is not possible to selectively enable auditing. Either all or none of the queries are written in the system tables.
What you can do is periodically (e.g., once per night) insert all entries of the audit tables which do not belong to meta sessions in another table. And then use TRUNCATE AUDIT LOGS to empty the audit tables.
But usually, this is all not necessary, because both the user queries and the meta queries should be logged - or none of them.
Here are some queries that Exaplus sent to the Exasol database when clicking though schemas, tables, users, roles, and connections:
select COLUMN_NAME, COLUMN_TYPE, COLUMN_IS_DISTRIBUTION_KEY, COLUMN_DEFAULT, COLUMN_IS_NULLABLE, COLUMN_IDENTITY, COLUMN_COMMENT from SYS.EXA_ALL_COLUMNS where COLUMN_SCHEMA='RF' and COLUMN_TABLE='TEST' order by COLUMN_ORDINAL_POSITION;
SELECT GRANTEE, PRIVILEGE, ADMIN_OPTION from SYS.EXA_DBA_SYS_PRIVS;
select OBJECT_NAME, OBJECT_TYPE, OBJECT_ID, CREATED,LAST_COMMIT, OWNER, OBJECT_COMMENT, OBJECT_IS_VIRTUAL from SYS.EXA_ALL_OBJECTS where ((OBJECT_TYPE = 'TABLE') or (OBJECT_TYPE = 'VIEW')) and (ROOT_ID = 35510272);
select "OBJECT_NAME", "OBJECT_TYPE", "SCHEMA_NAME", "OBJECT_COMMENT"from SYS.EXA_SYSCAT;
SELECT GRANTEE, GRANTED_ROLE, ADMIN_OPTION from SYS.EXA_DBA_ROLE_PRIVS;
select OBJECT_NAME, OBJECT_TYPE, OBJECT_ID, CREATED,LAST_COMMIT, OWNER, OBJECT_COMMENT, OBJECT_IS_VIRTUAL from SYS.EXA_ALL_OBJECTS where ((OBJECT_TYPE = 'TABLE') or (OBJECT_TYPE = 'VIEW')) and (ROOT_ID = 35510272);
SELECT GRANTEE, GRANTED_CONNECTION, ADMIN_OPTION from SYS.EXA_DBA_CONNECTION_PRIVS;
SELECT C.CONSTRAINT_TYPE C_TYPE, C.CONSTRAINT_NAME C_NAME, ORDINAL_POSITION, COLUMN_NAME, REFERENCED_SCHEMA, REFERENCED_TABLE, REFERENCED_COLUMN, CONSTRAINT_ENABLED FROM SYS.EXA_ALL_CONSTRAINT_COLUMNS CC join SYS.EXA_ALL_CONSTRAINTS C on C.CONSTRAINT_SCHEMA = CC.CONSTRAINT_SCHEMA and C.CONSTRAINT_TABLE = CC.CONSTRAINT_TABLE and C.CONSTRAINT_NAME = CC.CONSTRAINT_NAME WHERE C.CONSTRAINT_SCHEMA like 'RF' and C.CONSTRAINT_TABLE like 'TEST' and CC.CONSTRAINT_SCHEMA like 'RF' and CC.CONSTRAINT_TABLE like 'TEST' ORDER BY C.CONSTRAINT_NAME,ORDINAL_POSITION
select OBJECT_NAME, OBJECT_TYPE, OBJECT_ID, ROOT_ID, CREATED, LAST_COMMIT, OWNER, OBJECT_COMMENT from SYS.EXA_DBA_OBJECTS where ((ROOT_ID = 35510272) and ((OBJECT_TYPE = 'FUNCTION') or (OBJECT_TYPE = 'PROCEDURE') or (OBJECT_TYPE = 'SCRIPT')));