||Oracle Tips by Burleson
Chapter 8 General Oracle Auditing
process of recording the actions by users is
known as auditing and the information that shows the actions is
known as the audit trail.
Besides being a strong deterrent to potential
miscreants, auditing also exposes whether the legitimate users
accessed some data that might be considered sensitive. This is where
the HIPAA law clearly spells out the need to audit data access –
particularly for the data that is considered to be in the domain of
Patient Health Information (PHI).
A legitimate user may be authorized to access a
particular piece of data such as a patient's HIV diagnosis record
under certain situations – such as while handling claims related to
the diagnosis. However, if the user accesses the same data at any
other time – that is a clear violation of the HIPAA laws, and
possibly an indication of unauthorized access.
With this dual intent, we will devote this part
of the book to how to record the activities of all types of users,
whether legitimate or not, to satisfy regulatory requirements as
well as trace user actions to identify possible fraud. The most
basic of the needs is to audit the object accesses and record the
user's interaction with the database.
Here Comes AUDIT
provides a built-in tool to audit access to the database objects and
some rudimentary database accesses. The tool, implemented via a
single SQL command, is AUDIT. Based on the clause present after the
command, it can write an audit trail for a vast majority of cases
and satisfy a variety of requirements.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only $39.95 and has an
immediate download of working security scripts: