Skip to Content
0
Former Member
Jun 29, 2007 at 06:59 AM

auditing direct database access

185 Views

I'm a database security engineer and quite unfamiliar with SAP.

From the viewpoint of SOX/IT control, I just wonder if there is any necessity to audit Oracle database using Oracle's auditing features (audit_trail=db/os).

Privileged Oracle users can login to the database bypassing SAP application. In addition, they may be able to change any financial data by executing DML commands directly.

Is such scenario realistic?

I'd like your opinions.

Thanks in advance,

ebi