Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Auditing Oracle business processes?

RE: Auditing Oracle business processes?

From: <tdisanto_at_aecrealty.com>
Date: Wed, 10 Aug 2005 10:03:15 -0400
Message-ID: <5958B0F8016CF24D84AF8CEFE6A4CA0DFE23@EXCV1.aecrealty.com> 





My Company has been getting beat up by PwC for over a year.  They keep
screaming how do you track program changes at the database level.



Our Company didn't use FGA because in theroy the dba could turn off this
function if he wanted to be dishonest etc..



We script off the Log miner for any activity (deletion, changes etc)for dba
super users etc.   Then script off users that might be added, deleted
because in theroy a new user could be created etc and then the script
wouldn't extract any data. You need to create a secure location to spool the
data results so the dba cannot manipulate the outcome. There are some short
comings with this solution but it gets you closer to where they would like
your controls to be at and get off your A$$. Also, you need to look at the
Company's control environment as a whole along wiht these procedures.



-----Original Message-----



From: Denham Eva [mailto:EVAD_at_TFMC.co.za]
Sent: Wednesday, August 10, 2005 8:50 AM
To: oracle-l_at_freelists.org


Subject: Auditing Oracle business processes?




Hello Group



I have had an unusual request (at least it is for me).
I have been asked if there is some way to audit the Oracle Processes
within the Database.


Some thing along the line of, how can I prove that when the user enters
data into the database that all the relevant triggers kick off and all
the relevant procedures/packages etc are accessed, also the application
is operating correctly at db level.


Now my logic says that checking that garbage IN and checking Garbage OUT
and the correctness of the garbage would be an indication of "correct
procedural execution"; does not seem to excite Management quite as I had
hoped.


Also Management seems to have the impression that databases have an
internal system of being able to do this??
Is this so? Beyond the obvious Auditing functions of who did what when
etc (Tried explaining that, got the glazed look).



Does anyone have (Know of) some other method?



TIA



Best Regards


Denham


--



http://www.freelists.org/webpage/oracle-l


--



http://www.freelists.org/webpage/oracle-l
Received on Wed Aug 10 2005 - 09:13:05 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US