
Unix and Oracle access audit for SAP

Former Member
0 Kudos

We are running R/3 4.6C on HPUX11/Oracle 9.2.0.6. Our auditors asked us to log and audit access to the Oracle database at the OS level, bypassing the SAP layer. For example, someone logging in, sudo to ora<sid>, execute sqlplus and view or modify a financial document. They did not give us possible ways of doing this. Our SAs and DBAs are a little stumped about getting their hands around the scope of this. Does anyone have any ideas?

Thanks,

Atul Patankar


Accepted Solutions (1)

Former Member
0 Kudos

My advice to you would be: ignore the auditors. You just should describe the processes of security and access within your company and show them that you follow that. Audit trails are done at application level. Most UNIX flavours do have the ability to log all activities at the OS layer, as well as su - oraSID etc. That should be more than possible.

Answers (1)

Former Member
0 Kudos

I wish I could ignore. The auditors do have a point for SOX chain. Someone can sqlplus and change the database rows for a financial document. I am surprised that this never came up before. I have proposed the Unix logging, but it is the sqlplus log that is more relevant. I am hoping some Oracle guru has a suggestion.

Atul.

Former Member
0 Kudos

Number one is to lock down the access to SQLPlus in Oracle. If this is your SAP DB there should not be any changes made at the DBA level as it invalidates the product.

Number 2: remind your auditors of the change log. If all of a sudden the values change and there is no change log in SAP, it had to be done at the OS/DB level. -- Who did access during that interval.

-- There is the possibility of establishing a DB trigger for any change that would as well propagate the logged in user and write the changes to a log table. Remember to purge to tape and archive VERY often...

Enjoy
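
The DB trigger suggested in the last reply, sketched as an added example (not code from this thread, SAP or Oracle). The AUDITOR schema, the log table and the choice of SAPR3.BKPF (accounting document headers) as the audited table are assumptions, as is the `prdadm` OS account in the review query; the USERENV attributes used are available in Oracle 9i.

```sql
-- Added example. Object names (AUDITOR, FI_DOC_CHANGE_LOG, SAPR3.BKPF) are
-- assumptions; create these from a DBA account, not as the SAP schema owner.
CREATE TABLE auditor.fi_doc_change_log (
  logged_at    DATE DEFAULT SYSDATE NOT NULL,
  action       VARCHAR2(1) NOT NULL,   -- I = insert, U = update, D = delete
  db_user      VARCHAR2(30),           -- Oracle session user
  os_user      VARCHAR2(255),          -- OS account of the client process
  client_host  VARCHAR2(255),
  terminal     VARCHAR2(255),
  mandt        VARCHAR2(30),           -- document key: client,
  bukrs        VARCHAR2(30),           --   company code,
  belnr        VARCHAR2(30),           --   document number,
  gjahr        VARCHAR2(30)            --   fiscal year
);

CREATE OR REPLACE TRIGGER auditor.trg_fi_doc_audit
AFTER INSERT OR UPDATE OR DELETE ON sapr3.bkpf
FOR EACH ROW
DECLARE
  v_action VARCHAR2(1);
BEGIN
  IF INSERTING THEN v_action := 'I';
  ELSIF UPDATING THEN v_action := 'U';
  ELSE v_action := 'D';
  END IF;
  -- If this insert raises an error, the original statement fails as well.
  INSERT INTO auditor.fi_doc_change_log
    (action, db_user, os_user, client_host, terminal, mandt, bukrs, belnr, gjahr)
  VALUES
    (v_action,
     SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'HOST'),
     SYS_CONTEXT('USERENV', 'TERMINAL'),
     NVL(:NEW.mandt, :OLD.mandt), NVL(:NEW.bukrs, :OLD.bukrs),
     NVL(:NEW.belnr, :OLD.belnr), NVL(:NEW.gjahr, :OLD.gjahr));
END;
/

-- Review query: changes that did not come from the SAP work processes.
-- 'prdadm' is a placeholder for the <sid>adm account SAP runs under.
SELECT logged_at, action, db_user, os_user, client_host, terminal,
       mandt, bukrs, belnr, gjahr
  FROM auditor.fi_doc_change_log
 WHERE LOWER(os_user) <> 'prdadm'
 ORDER BY logged_at;
```

Anyone with DBA rights can disable the trigger or edit the log table, and OS_USER is reported by the client, so the log only holds up as evidence if it is archived off the host frequently and read alongside the OS-level su/sudo records.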