When you initially install and start OpenEdge, it is the security administrator who, by default, can perform auditing operations. In general, audit privileges encompass policy administration, audit data administration, audit data access, and the ability to manually generate auditing events. Until such time as audit administrator privileges are assigned to anyone else, the security administrator can perform all audit policy functions.

Once the security administrator grants another user audit administrator privileges, however, the security administrator is no longer able to maintain the audit and policy data. The security administrator still retains control over the databases physical structure. For example, the security administrator can no longer audit-disable a database, create or update an audit policy, or archive audit data.

From that point forward, the administration of the audit data and policies is separate from the administration of the entire database. The security administrator is responsible for access control security for the general application data and has the ability to control user access and, for the database _User table accounts, the user accounts themselves.

In some cases, it might be that the audit administrator and the security administrator are the same person; however, in a case in which there is one audit administrator and one or more security administrators, it is only the audit administrator who can create, update, and delete audit policies. Audit administrators (and other audit privilege holders) can also grant their privileges to other users.