The need to guarantee the integrity of the audit trail requires that only authenticated users have access to the auditing data and policy tables. To ensure the guarantee, the use of certain database utilities is restricted to authenticated users.

Auditing incorporates user security into the database utilities. This addition implements the three primary aspects of security: authentication, authorization, and auditing. It is necessary to determine who is using the utility, if that user is allowed to perform the indicated action on the specified resource, and record the details of the action.

Not all database utilities require user security. The database utilities that do require this additional security meet one of the following criteria:

  • The utility alters the status of database auditing
  • The utility can alter the audit data or policies
  • The utility can alter the database areas defined for audit data and indexes

Access to the utilities is acquired when the user is granted a privileged auditing role. The user is identified by the database _User table, or the operating system login (effective process user-id.) Depending on the utility, the user must be granted the Audit Administrator role or the Audit Data Archiver role. For information on the definitions of these roles and how to grant auditing roles, see OpenEdge Getting Started: Core Business Services - Security and Auditing or the Data Administration online Help.