Paul apparently said,on my timestamp of 25/09/2005 10:44 PM:
>
>>The ability to audit all inserts, updates, and deletes no matter
>>who does them, no matter the interface, no matter the authority,
>>even if done by expert DBAs and operating system administrators.
>>That capability does not exist in ANY open source RDBMS of which
>>I am aware.
>
>
>
> Could you give me an idea as to how this is done? Surely there must be
> at least one person who has the SYS/SYSTEM password and can remove all
> traces of what s/he has done? What is the mechanism stopping this?
Normal auditing + FGAC + sys operations logging: not even
a sys/system user can turn it off without leaving traces
of having done so. Of course, if your dbas ALSO have root
or admin access and native logon access, all bets are open.
So are your systems. But that's rather not the point, is it?
--
Cheers
Nuno Souto
in rainy Sydney, Australia
wizofoz2k_at_yahoo.com.au.nospam
Received on Sun Sep 25 2005 - 08:08:40 CDT
