Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Overview : OpenEdge Core Business Services : Auditing service : Audit security
 
Audit security
An essential component to auditing success is the knowledge that the generated audit data is secure and protected from outside tampering. The OpenEdge auditing solution allows you to determine which authenticated users have access to audit policy configuration and audit data management, including the truncation, deletion, or archiving and loading of audit data, by assigning these specific predefined audit privileges: audit administrator, application audit event inserter, audit data archiver, and audit data reporter.
Granting of audit privileges occurs within Data Administration (in Windows) or character Data Dictionary (in character mode) for ABL administrators or through the SQL GRANT statement for SQL administrators.
To detect when an audit data record has been tampered with at the binary storage level by an unsecure or unregulated program, you can optionally seal the audit data records by using either a message digest or a message authentication code (MAC). Both allow detection of unauthorized changes if someone has attempted to modify audit data outside of an ABL or SQL application. The MAC is a message digest with a secret key, so it is more secure than the message digest.
You can also assign each database instance its own unique identifier, which provides a way to uniquely associate a database with its audit data, no matter where the audit data is archived.
For information about audit data security, see Audit Security.