Audit archiving security
OpenEdge requires that any user who runs an audit archiving tool, particularly one that deletes and creates audit data records, have the Audit Data Archiver privilege. For your own audit archiving utility, you might also grant its users privileged access to the files and directories that constitute your long-term audit data storage, or require them to have privileged knowledge of the MAC keys that you use to transport audit data from short-term to long-term storage.
The audit data can be sealed using a MAC key (database passkey), depending on the audit data security level. You can specify this database passkey using the Admin > Database Identification menu option in the Data Administration tool or character-mode Data Dictionary. An encrypted form of this value is stored in the _db-detail table for the database. When you dump and later load the archived audit data, you need this value to ensure the integrity of the data.
You can prompt for the database passkey as part of the archiving process and encrypt it in the same form that is used by OpenEdge and stored in the _db-detail table. To encrypt the user-supplied value, pass it to the ENCRYPT-AUDIT-MAC-KEY( ) method on the AUDIT-POLICY system handle. You can then compare this value to the value stored in the _db-detail table.
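The following ABL sketch of that check is an added example, not code from the OpenEdge documentation. It assumes the metaschema field names `_db._db-local`, `_db._db-guid`, `_db-detail._db-guid`, and `_db-detail._db-mac-key`, that the stored key is a CHARACTER value, and that a missing stored key should stop the archive; the frame name is hypothetical.

```abl
/* Added example. Assumed names: _db._db-local, _db._db-guid,
   _db-detail._db-guid, _db-detail._db-mac-key (verify against your release).
   fPasskey is a hypothetical frame name. */
DEFINE VARIABLE cPasskey   AS CHARACTER NO-UNDO.
DEFINE VARIABLE cEncrypted AS CHARACTER NO-UNDO.

/* BLANK keeps the passkey from being echoed while the operator types it. */
UPDATE cPasskey FORMAT "x(64)" LABEL "Database passkey" BLANK
    WITH FRAME fPasskey SIDE-LABELS.
HIDE FRAME fPasskey NO-PAUSE.

/* Encrypt the supplied value into the form OpenEdge stores,
   then discard the clear-text copy. */
cEncrypted = AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasskey).
cPasskey   = "".

/* Locate the identification record of the connected database. */
FIND FIRST _db WHERE _db._db-local NO-LOCK NO-ERROR.
IF AVAILABLE _db THEN
    FIND FIRST _db-detail
         WHERE _db-detail._db-guid = _db._db-guid NO-LOCK NO-ERROR.

/* Assumption: this tool refuses to run when there is no stored key to
   verify against. */
IF NOT AVAILABLE _db-detail THEN DO:
    MESSAGE "No database identification record found; archive aborted."
        VIEW-AS ALERT-BOX ERROR.
    RETURN ERROR.
END.
IF _db-detail._db-mac-key = ? OR _db-detail._db-mac-key = "" THEN DO:
    MESSAGE "No stored database passkey to verify against; archive aborted."
        VIEW-AS ALERT-BOX ERROR.
    RETURN ERROR.
END.

/* The = operator ignores case for CHARACTER values, so compare with RAW
   strength to require an exact match of the encrypted form. */
IF NOT COMPARE(cEncrypted, "EQ", _db-detail._db-mac-key, "RAW") THEN DO:
    MESSAGE "Database passkey does not match; archive aborted."
        VIEW-AS ALERT-BOX ERROR.
    RETURN ERROR.
END.

/* Passkey verified: continue with the dump, load, or delete step here. */
```

Run the check before any audit records are deleted, so that a mistyped passkey cannot leave archived data that fails its integrity check when it is loaded later.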