cancel
Showing results for 
Search instead for 
Did you mean: 

How do you audit your DBA?

ericfjchen
Regular Advisor

How do you audit your DBA?

For SOX, the policy ask us to audit DBA. We should know whether DBA change database raw data. Do you enable Oracle Auditing parameter to monitor database? or any third-party tool can help us to do auditing?
1 REPLY
SteveKirby
Frequent Advisor

Re: How do you audit your DBA?

I haven't gotten a good answer on this. And all of the auditors I work with are 22 year olds just out of college that are pretty weak technically and just ask the question on their questionaire.

Due to the number of transactions going through a system and the fact the a single transaction can make a huge different any auditing the log of the changes can be huge.

Ask yourself this question. What are you trying to catch? A DBA that is stealing? A DBA that is trying to mess up the books? ??

The not so good answer is:
a) Audit against outside transactions. E.g. compare against shipping documents, spot check account balances and checks. Focus on those transactions. Since the outside transactions are outside of the control of the DBA and audit will pick up problems.

b) Depending on the version of Oracle you are using you can turn on FGA (Fine Grained Auditing). This is a resource hog and generates a huge volume of data. If you want you can turn this on and the auditors love it, but it is not practical.
b2) It may be possible to turn this one only for the 'important' tables, but it will be logging EVERYONE's changes to a table.
b3) Since the DBA has access to other log ins ... it is possible for them to connect as a generic user (e.g. APPS) and make the changes. While you might be able to figure this out after the fact it would be nearly impossible to track this on a live system with many users.

c) A 'risk control' tactic that is only useful after a problem occurs.
Make sure you keep back-ups that are recoverable to any point in time. If a problem is found you can start recovering to an early point in time and roll forward until you see the data change.
If you keep logs this is fairly easy to do.

If anyone else has a good answer I am willing to hear it, but I spent a few weeks with the auditors before they finally backed down since we could not come up with any better solution.