| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: quick qestion about logon/logoff triggers - does system have to own them?
GS wrote:
> In order to keep the SOX beancounters-from-hell(Auditors) at bay I have
> to provide a report for my boss that shows who logged on to which
> database, from which machine, to which database, with which app, etc.
>
> I plan on putting in a simple table that will get populated by two
> triggers, one after login and one before logoff.
>
> Do the logon/logoff triggers have to be owned by system or sys? I was
> thinking I'd create an "audit" user with its own tablespace (or use the
> tools tablspace) and keep the table out of the system/sys schemas.
>
> Out of curiousity, how much of a PITA has it been for anyone else out
> there implementing SOX, and to what lengths did you go to become compliant?
>
> thanks
Instead of writing your own triggers, why not implement auditing? You can audit logons, but not logoffs. But keep in mind that any system trigger to capture logoff information might not work if the user just closes the app or their session gets killed by some other means. Unless the session is logged off gracefully, you may miss this information.
These system triggers should be owned by SYS. However, the trigger's code can insert into any table even those not owned by SYS.
HTH,
Brian
-- =================================================================== Brian Peasland dba_at_nospam.peasland.net http://www.peasland.net Remove the "nospam." from the email address to email me. "I can give it to you cheap, quick, and good. Now pick two out of the three" - Unknown -- Posted via a free Usenet account from http://www.teranews.comReceived on Wed Sep 26 2007 - 10:44:48 CDT
 |
 |