Quote:
Originally Posted by rohanac
One of our client organisations use Informix Dynamic Server version 7.31.FD6 as their DB application. The users were supposed to access the DB using the given VB interface. Only the system administrator have the direct access to the data base. The management is suspicious that the DB admin is modifying the data in the DB. How can the management monitor the activity of DB admin? Can they get a daily report on modified records (illegally) by the DB admin? |
Yes... but... lots of questions...
1- What exactly are the "illegal" modifications?
2- Does the DB admin need access to the data?
3- Who controls the "informix" user? And the root user?
Informix has built in the ability to separate roles... a database system administrator (not a dba) may be configured to not allow any data access...
as for the auditing facility, you can create audit masks where you specify a user and the operations that are audited... Note that on that version you can't specify the tables... For example if you decide to audit INSERTS, UPDATES and DELETEs for a user any of these operations run against ANY table will be audited... It not bad if for example in your case the administrator can't change anything.... So if he behaves properly you won't have any extra load or data due to auditing...
Version 11.7 allows the above to be done on a per table basis...
Now... You could set up auditing, but with the default settings the informix user (and probably the admin has access to it) could turn off the auditing facility or tamper with it... For successful administrator auditing you need to implement role separation (on the physical sense).
Final note: IDS 7.x is completely out of support...
Regards
dBforums
>
Informix database auditing
11-18-10, 05:49
Informix database auditing
Linear Mode
