maybe/maybe not, here is why,
if i'm going to make changes(and try not to get caught),i'd be granting
update on table to someone else, change their password, login as them, change
the password back and it would totally look like someone else did it.
If you can't trust the DBA, there is bigger problems than that at the
organization.
joe
>>> Waleed.Khedr_at_FMR.COM 08/23/01 03:43PM
>>>If it's really that bad, then we are talking about setting
something up thatthe DBA wouldn't know about!I do not know if the
logminer could help here!Regards,Waleed-----Original
Message-----Sent: Thursday, August 23, 2001 1:36 PMTo: Multiple
recipients of list ORACLE-LWaleed,
Regrettably in our 'legalistic' world this is not possible if all
youhaveis a suspicion, you need facts to back them up. And getting
facts in thiscasecan be very difficult at best. What could be a
solution in this case isthatsomeone has a suspicion that this person is
modifying data inside thesesensitive tables during some time frame.
Well it may be wise to send themofffor a week to a training class where
they would be isolated from thedatabase inquestion. If the
alteration of data records ceases then there is probablecausefor a more
direct line of questioning, etc... If not you may be suspectingsomeone
who is really a front for an other person who has acquired
thatDBA'spassword. My first line would be to have all of the DBA's
change theirpasswords as well as the passwords for sys and
system. I wonder, if I tried to connect to that
database assys/change_on_install orsystem/manager, would I
succeed??Dick Goulet____________________Reply
Separator____________________Author: "Khedr; Waleed"
<Waleed.Khedr_at_FMR.COM>Date:
8/23/2001 9:11 AMIf you don't trust the DBA then fire him!DBA
has access to do everything including the audit records which he/she
canmodify easily!Waleed-----Original Message-----Sent:
Thursday, August 23, 2001 12:52 PMTo: Multiple recipients of list
ORACLE-Lyou'd better audit changes to the trigger, and then changes
to SYS.AUD$otherwise the DBA could disable the trigger, make the changes
and re-enable it>From: Dave Leach
<Dave.Leach_at_claybrook.co.uk>>Reply-To:
ORACLE-L_at_fatcity.com>To: Multiple recipients of list ORACLE-L
<ORACLE-L_at_fatcity.com>>Subject: How do you audit a
DBA?>Date: Thu, 23 Aug 2001 07:56:29 -0800>>Anyone who can
help,>>I've been asked if Oracle can somehow audit the DBA ie.
Raise an alert if>the DBA were to execute DML statements against
sensitive tables, this>assumes the DBA has the SYS password. I
thought this was a pretty>reasonable question but couldn't think of an
answer. My trail of though >was>maybe an email alert to a
designated member of staff sent via a trigger on>the
table.>>Any comments would be very
appreciated.>>Dave
Leach>>>>>**********************************************************************>The
above information is confidential to the addressee and may
be>privileged. Unauthorised access and use is
prohibited.>>Internet communications are not secure and therefore
this Company does>not accept legal responsibility for the contents of
this message.>>If you are not the intended recipient, any
disclosure, copying,>distribution or any action taken or omitted to be
taken in reliance on>it, is prohibited and may be
unlawful.>>Claybrook Computing Limited is a subsidiary
of>Claybrook Computing (Holdings) Limited>Registered Office: Abbey
House. 282 Farnborough Road, Farnborough,>Hampshire GU14
7NJ>Registered in England and Wales No 1287205>>A Hogg
Robinson plc
company>**********************************************************************>-->Please
see the official ORACLE-L FAQ: <A
href="
http://www.orafaq.com">
http://www.orafaq.com>-->Author:
Dave Leach> INET:
Dave.Leach_at_claybrook.co.uk>>Fat City Network
Services -- (858) 538-5051 FAX: (858)
538-5051>San Diego, California
-- Public Internet access / Mailing
Lists>-------------------------------------------------------------------->To
REMOVE yourself from this mailing list, send an E-Mail message>to:
ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in>the
message BODY, include a line containing: UNSUB ORACLE-L>(or the name of
mailing list you want to be removed from). You may>also send the
HELP command for other information (like
subscribing)._________________________________________________________________Get
your FREE download of MSN Explorer at <A
href="
http://explorer.msn.com/intl.asp">
http://explorer.msn.com/intl.asp--
Please see the official ORACLE-L FAQ: <A
href="
http://www.orafaq.com">
http://www.orafaq.com-- Author: Rachel
Carmichael INET: carmichr_at_hotmail.comFat City Network
Services -- (858) 538-5051 FAX: (858) 538-5051San
Diego, California -- Public Internet
access / Mailing
Lists--------------------------------------------------------------------To
REMOVE yourself from this mailing list, send an E-Mail messageto:
ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and inthe message
BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list
you want to be removed from). You mayalso send the HELP command for
other information (like subscribing).-- Please see the official ORACLE-L
FAQ:
http://www.orafaq.com-- Author:
Khedr, Waleed INET: Waleed.Khedr_at_FMR.COMFat City Network
Services -- (858) 538-5051 FAX: (858) 538-5051San
Diego, California -- Public Internet
access / Mailing
Lists--------------------------------------------------------------------To
REMOVE yourself from this mailing list, send an E-Mail messageto:
ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and inthe message
BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list
you want to be removed from). You mayalso send the HELP command for
other information (like subscribing).-- Please see the official ORACLE-L
FAQ:
http://www.orafaq.com-- Author:
INET: dgoulet_at_vicr.comFat City Network
Services -- (858) 538-5051 FAX: (858) 538-5051San
Diego, California -- Public Internet
access / Mailing
Lists--------------------------------------------------------------------To
REMOVE yourself from this mailing list, send an E-Mail messageto:
ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and inthe message
BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list
you want to be removed from). You mayalso send the HELP command for
other information (like subscribing).-- Please see the official ORACLE-L
FAQ:
http://www.orafaq.com-- Author:
Khedr, Waleed INET: Waleed.Khedr_at_FMR.COMFat City Network
Services -- (858) 538-5051 FAX: (858) 538-5051San
Diego, California -- Public Internet
access / Mailing
Lists--------------------------------------------------------------------To
REMOVE yourself from this mailing list, send an E-Mail messageto:
ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and inthe message
BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list
you want to be removed from). You mayalso send the HELP command for
other information (like subscribing).
Received on Thu Aug 23 2001 - 14:14:19 CDT
