on 12-29-2005 12:05 AM
We are running R/3 4.6C on HPUX11/Oracle 9.2.0.6. Our auditors asked us to log and audit access to the Oracle database at the OS level, bypassing the SAP layer. For example, someone logging in, sudo to ora<sid>, execute sqlplus and view or modify a financial document. They did not give us possible ways of doing this. Our SAs and DBAs are a little stumped about getting their hands around the scope of this. Does anyone have any ideas?
Thanks,
Atul Patankar
2406622448
My advice to you would be: ignore the auditors. You just should describe the processes of security and access within your company and show to them that you follow that. Audit trails are done at application level. Most UNIX flavours do have the ability to log all activities at the OS layer; as well as su - oraSID etc. That should be more than possible.
I wish I could ignore. The auditors do have a point for SOX chain. Someone can sqlplus and change the database rows for a financial document. I am surprised that this never came up before. I have proposed the Unix logging, but it is the sqlplus log that is more relevant. I am hoping some Oracle guru has a suggestion.
Atul.
Number one is to lock down the access to SQLPlus in Oracle. If this is your SAP DB there should not be any changes made at the DBA level as it invalidates the product.
Number 2, remind your auditors of the change log. If all of a sudden the values change and there is no change log in SAP, it had to be done at the OS/DB level. -- Who did access during that interval.
-- There is the possibility of establishing a DB trigger for any change that would as well propagate the logged in user and write the changes to a log table. Remember to purge to tape and archive VERY often...
Enjoy
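
The DB trigger idea from the reply above, sketched as an added example that is not part of the original thread: a row-level trigger that records who changed a row and from where. The table `fin_doc`, its columns `doc_id` and `amount`, and the log table `fin_doc_audit` are hypothetical names; substitute the tables your auditors care about.

```sql
-- Hypothetical audit log table; store it in a schema the audited accounts cannot modify.
CREATE TABLE fin_doc_audit (
  changed_at   TIMESTAMP     DEFAULT SYSTIMESTAMP NOT NULL,
  action       VARCHAR2(1)   NOT NULL,   -- I = insert, U = update, D = delete
  doc_id       VARCHAR2(30),
  old_amount   NUMBER,
  new_amount   NUMBER,
  db_user      VARCHAR2(30),             -- Oracle account of the session
  os_user      VARCHAR2(255),            -- OS account of the client process
  client_host  VARCHAR2(255),
  terminal     VARCHAR2(255),
  ip_address   VARCHAR2(64)              -- NULL for local (non-network) connections
);

-- Row-level trigger on the hypothetical table FIN_DOC.
CREATE OR REPLACE TRIGGER fin_doc_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON fin_doc
FOR EACH ROW
DECLARE
  v_action VARCHAR2(1);
BEGIN
  IF INSERTING THEN
    v_action := 'I';
  ELSIF UPDATING THEN
    v_action := 'U';
  ELSE
    v_action := 'D';
  END IF;

  INSERT INTO fin_doc_audit
    (action, doc_id, old_amount, new_amount,
     db_user, os_user, client_host, terminal, ip_address)
  VALUES
    (v_action, NVL(:NEW.doc_id, :OLD.doc_id), :OLD.amount, :NEW.amount,
     SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'HOST'),
     SYS_CONTEXT('USERENV', 'TERMINAL'),
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'));
END;
/
```

After a sudo to ora<sid>, `OS_USER` records ora<sid> rather than the person's own login, so each audit row still has to be matched by timestamp against the OS-level sudo/su log to name the individual. An account with DBA rights can disable the trigger, so changes to the trigger itself need to be monitored as well.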