Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> SOX Compliance and Segregation of Duties

SOX Compliance and Segregation of Duties

From: Parvez Bashir <pbashir_at_hotmail.com>
Date: Sat, 01 Apr 2006 14:52:32 -0500
Message-ID: <BAY108-F3881C6CAC862C7A13387F0BCD70@phx.gbl> 





Folks,



We are currently using the following "watch the DBA" approach for SOX.



    
  
  1.   Lock SYS/SYSTEM except for upgrades/one-off patches/patch sets
  
  2.   Each DBA logins in "AS SYSDBA". We have turned on SYS_AUDIT_OPERATIONS
  
  3.   We are auditing all DDL including "AUDIT all on sys.aud$ by access"






Here is the problem with this approach:



    
  
  1.   Logins for db user " X AS SYSDBA"  create the AUD$ audit record for SYS 
(not X). Is there any way to work around this problem?
  
  2.   The OS audit files are created with "oracle" OS account privileges and 
can be removed by the "oracle" account. Is this possible to send the 
information to non-Oracle logs? There is some mention in metalink that this 
is possible for certain operating systems but it is not clear which ones.






Also, is there any white paper for "Oracle DBA SOX Compliance"?



Regards,


Parvez



--
http://www.freelists.org/webpage/oracle-l


Received on Sat Apr 01 2006 - 13:52:32 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US