| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: How do you audit a DBA?
Trusted Oracle is very much like regular Oracle. Most of the security actually comes from the OS. That being said it does have row level security so you have to match or superseed the privilage that the row has to see the row but sys has the ability to change to the higher level and you install Oracle at the higher level. So you still can't do a thing.
That being said, I remember trying to mount a CD for the first time on Trusted HP. What a laugh. Whatever you do using the regular OS add two steps. No docos and no sys admin that day. Almost gave up.
-----Original Message-----
Sent: Friday, August 24, 2001 2:26 AM
To: Multiple recipients of list ORACLE-L
I have no direct experience of this on Oracle, but I do know that trusted operating systems make it possible to prevent the sysadmin from reading files. They can be backed up to tape and restored, but they couldn't be opened by a regular process such as a text editor without the operating system intervening to prevent it. Some systems are pretty cool, they will even check security before letting you cut and paste between windows, if the applications are running at different privilege levels. Does Trusted Oracle do this?
But I agree, it's a matter of trusting your DBA. You trust your doctor and your priest, right?
g
-----Original Message-----
Sent: Thursday, August 23, 2001 6:01 PM
To: Multiple recipients of list ORACLE-L
This has been discussed before, I'll try to summarize it as I remember.
Sure, you could put triggers, turn on auditing, whatever. But the DBA by nature of his job function, can disable, remove, whatever you turn on.
So it basically comes down to trusting your DBA, or getting a new DBA.
> -----Original Message-----
> From: Dave Leach [mailto:Dave.Leach_at_claybrook.co.uk]
> Sent: Thursday, August 23, 2001 11:56 AM
> To: Multiple recipients of list ORACLE-L
> Subject: How do you audit a DBA?
>
>
> Anyone who can help,
>
> I've been asked if Oracle can somehow audit the DBA ie. Raise
> an alert if
> the DBA were to execute DML statements against sensitive tables, this
> assumes the DBA has the SYS password. I thought this was a pretty
> reasonable question but couldn't think of an answer. My
> trail of though was
> maybe an email alert to a designated member of staff sent via
> a trigger on
> the table.
>
> Any comments would be very appreciated.
>
> Dave Leach
>
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Anderson, Brian INET: andersob_at_mail.dartnet.peachnet.edu Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Guy Hammond INET: guy.hammond_at_avt.co.uk Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Kimberly Smith INET: kimberly.smith_at_gmd.fujitsu.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Fri Aug 24 2001 - 09:14:03 CDT
 |
 |