  1. #1
    Join Date
    Nov 2010
    Posts
    2

    Question Unanswered: Informix database auditing

    One of our client organisations uses Informix Dynamic Server version 7.31.FD6 as their DB application. The users were supposed to access the DB using the given VB interface. Only the system administrator has direct access to the database. The management is suspicious that the DB admin is modifying the data in the DB. How can the management monitor the activity of the DB admin? Can they get a daily report on records modified (illegally) by the DB admin?

  2. #2
    Join Date
    Jul 2010
    Posts
    7
    Not in version 7. Version 11.7 does have this capability, I believe.

  3. #3
    Join Date
    Nov 2010
    Posts
    16
    Quote: Originally posted by rohanac
    One of our client organisations uses Informix Dynamic Server version 7.31.FD6 as their DB application. The users were supposed to access the DB using the given VB interface. Only the system administrator has direct access to the database. The management is suspicious that the DB admin is modifying the data in the DB. How can the management monitor the activity of the DB admin? Can they get a daily report on records modified (illegally) by the DB admin?

    Yes... but... lots of questions...
    1- What exactly are the "illegal" modifications?
    2- Does the DB admin need access to the data?
    3- Who controls the "informix" user? And the root user?

    Informix has built in the ability to separate roles... a database system administrator (not a dba) may be configured to not allow any data access...

    As for the auditing facility, you can create audit masks where you specify a user and the operations that are audited... Note that on that version you can't specify the tables... For example, if you decide to audit INSERTs, UPDATEs and DELETEs for a user, any of these operations run against ANY table will be audited... It's not bad if, for example in your case, the administrator can't change anything.... So if he behaves properly you won't have any extra load or data due to auditing...
    Version 11.7 allows the above to be done on a per table basis...

    Now... You could set up auditing, but with the default settings the informix user (and probably the admin has access to it) could turn off the auditing facility or tamper with it... For successful administrator auditing you need to implement role separation (in the physical sense).

    Final note: IDS 7.x is completely out of support...

    Regards
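
A sketch of the daily report asked about in this thread, added here as an example and not posted by any participant: it counts row inserts, updates and deletes per watched user from extracted audit records. The record layout and the host, server and clerk names in the sample are constructed assumptions; check them against the real onshowaudit output on your version.

```python
from collections import Counter

# Row-level audit event mnemonics for the three operations named above.
ROW_EVENTS = {"INRW": "insert", "UPRW": "update", "DLRW": "delete"}

# Constructed sample records. ASSUMED layout, modelled on onshowaudit output:
# ONLN|timestamp|host|pid|server|user|errno:event:database:tabid:...
SAMPLE = """\
ONLN|2010-11-22 09:14:02.000|dbhost|4411|ids731|clerk1|0:INRW:sales:101:1048578:257
ONLN|2010-11-22 23:41:17.000|dbhost|5120|ids731|informix|0:UPRW:sales:101:1048578:257
ONLN|2010-11-22 23:41:40.000|dbhost|5120|ids731|informix|0:DLRW:sales:104:1048590:513
ONLN|2010-11-22 23:42:05.000|dbhost|5120|ids731|informix|0:RDRW:sales:101:1048578:258
ONLN|2010-11-23 08:02:11.000|dbhost|5201|ids731|informix|0:UPRW:sales:101:1048578:300
this line is damaged
"""

def parse(line):
    """Return a dict for one audit record, or None if it does not parse."""
    parts = line.strip().split("|")
    if len(parts) != 7 or parts[0] != "ONLN":
        return None
    detail = parts[6].split(":")
    if len(detail) < 4:
        return None
    return {"day": parts[1][:10], "user": parts[5], "event": detail[1],
            "db": detail[2], "tabid": detail[3]}

def daily_report(text, day, watched_users):
    """Count row changes per (user, database, tabid, operation) for one day."""
    counts, skipped = Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            skipped += 1  # surface unreadable records instead of hiding them
        elif (rec["day"] == day and rec["user"] in watched_users
              and rec["event"] in ROW_EVENTS):
            key = (rec["user"], rec["db"], rec["tabid"], ROW_EVENTS[rec["event"]])
            counts[key] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = daily_report(SAMPLE, "2010-11-22", {"informix"})
    for (user, db, tabid, op), n in sorted(counts.items()):
        print(f"{user} {db} tabid={tabid} {op}: {n}")
    print(f"unparsed records: {skipped}")
```

As the post above notes, the report is only as trustworthy as the audit trail, so run it against a copy of the trail that the informix user cannot modify.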

  4. #4
    Join Date
    Nov 2010
    Posts
    2

    Informix auditing-clarification

    1- What exactly are the "illegal" modifications?

    In this organisation the system admin and DB admin are one person. There is an application (VB) which is used by normal office workers to access the database. Each normal user has a separate login account to access the DB via the VB application. The only person who has direct access to the DB is the DB admin. Sometimes he changes the data (entered by normal users via the VB application) in the DB by directly accessing it for monetary gain. This is illegal.

    2- Does the DB admin need access to the data?

    Yes. Sometimes management asks him to change the data by directly accessing the DB (not via the VB application). He misuses this permission to change some other data also.

    3- Who controls the "informix" user? And the root user?

    Same person.
