Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Fine-Grained Auditing OCP Question

Re: Fine-Grained Auditing OCP Question

From: Mark D Powell <Mark.Powell_at_eds.com>
Date: 11 Mar 2003 06:28:00 -0800
Message-ID: <2687bb95.0303110628.46dec0e8@posting.google.com> 





"Buck Turgidson" <jc_va_at_hotmail.com> wrote in message news:<Vbbba.147974$P1.8963177_at_news1.east.cox.net>...


> I am wrestling with the following question (which I got wrong), and

> would like some opinions.  I chose a and d, but apparently the correct

> answer is d and e.  How could you differentiate access between internal

> and external users?

> 

> In which 2 situations would Fine-Grained Auditing be beneficial:

> 

> You need to track all accesses of the EMPLOYEE table.

> You need to identify all users who updated the CUSTOMER table on a

> specific date.

> You want to be able to compare the before and after values of each

> update of the PRICE column of the PRODUCT table.

> You want to alert the Human Resources Administrator any time someone

> accesses an executive's salary in the EMPLOYEE table.

> You want to allow unaudited access to the CONTACT_ ADDRESS column of the

> CUSTOMER table from within your organization, but track any access to

> the CONTACT_ADDRESS column that occurs via the Internet.




Well D and E do appear to be the best choices.  Simple auditing will
handle A and it is unlikely you use FGA to create history for auditing
access since table triggers with a history table will do that or
potentially log miner could be used.  Comparing before and after
values would be a task for using an update trigger.  So D and E are
left.  Both are possible.



You could use a system context to identify internal and external
users.  And contexts are associated with FGA so E is a definite.  D is
less clear than E to me, but I do not really see a better approach to
meeting this requirement.



The problem with questions of the nature of when would something be
beneficial is that depending on what the reader thinks of there may be
a way to use the feature with some of the listed choices.  But
remembering what problem Oracle said the feature was designed to solve
and thinking of associated features necessary or introduced with it
can sometimes help you make the intended choices.



IMHO -- Mark D Powell --
Received on Tue Mar 11 2003 - 08:28:00 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US