Network devices
Have you ever wondered why it is important to restrict the number of employees with system privileges in an organization? Have you ever thought about the possibility of employees misusing their privileges?
Privileges must be carefully assigned to the employees. Having several people with system privileges can cause a confusion as to whom should be contacted if a critical situation arises. Moreover, there is also a possibility of privileges being misused intentionally or otherwise.
To avoid these problems, it is advised to restrict the number of employees with system privileges or simply put, the number of system administrators. While this might sound sufficient to keep things under control, it is essential to monitor the system privilege statements regularly.
Privilege auditing is a way to audit the statements that use a system privilege. For instance, if you want to audit all the SELECT statements that use the SELECT ANY TABLE privilege, you can audit the SELECT ANY TABLE privilege.
You can also audit the use of any system privilege. You can also audit the activities of all the database users or of a specified list of users. Similar to the SQL statement auditing, the AUDIT and NOAUDIT statements can be used to enable or disable privilege auditing. However, you must also have the AUDIT SYSTEM system privilege before you can enable auditing
The privilege audit options match with the corresponding system privileges. For instance, the option to audit use of the DELETE ANY TABLE privilege is DELETE ANY TABLE. For instance,
AUDIT DELETE ANY TABLE BY ACCESS WHENEVER SUCCESSFUL; If you want to audit all the uses of DELETE ANY TABLE including the unsuccessful ones, enter the following statement:
AUDIT DELETE ANY TABLE BY ACCESS; Check out the statement below.
AUDIT SELECT TABLE, INSERT TABLE, DELETE TABLE, EXECUTE PROCEDURE BY ACCESS WHENEVER NOT SUCCESSFUL; You can enter this statement to audit all successful SELECT, INSERT, and DELETE statements on all the tables in the database. It also audits the unsuccessful use of the EXECUTE PROCEDURE system privilege, by all database users, and by individual audited statements.
In a multi-tier environment, you need to specify a proxy in the Add Audited Statements or Add Audited Privileges in Database Control, to audit the activities of a client. You can use the SQL AUDIT statement for this. You also need to use the BY user clause in the AUDIT statement.
For instance, to audit SELECT TABLE statements issued by the proxy application user maguire,
AUDIT SELECT TABLE BY maguire; This enables the user to connect using the appserve proxy user as:
CONNECT appserve[maguire]
Enter password: password Interested in a
log management
solution?
Manage logs, comply with IT regulations, and mitigate security threats.
Our support technicians will get back to you at the earliest.
Zoho Corporation Pvt. Ltd. All rights reserved.