Release 10.1A: OpenEdge Development:
Programming Interfaces

Setting up application security for auditing

To provide auditing in an application, you generally need to consider three primary security requirements:

Establish the auditing identity (ID).
Verify that auditing is enabled for at least one connected database.
Ensure that auditing privileges have been set appropriately to allow the auditing operations required.

The auditing identity (auditing ID) represents the user identity that OpenEdge associates with all audit events that it records in an audit-enabled database. Together with audit data integrity features, the auditing ID helps to ensure that the contents of the audit trail cannot be repudiated, either through unauthorized modification of the audit data or denial that a given user identity was involved with generating the audit data. Whatever user identity is the auditing ID for a given audit-enabled database becomes associated with all audit events, whether generated automatically by OpenEdge or explicitly by your application.

OpenEdge provides the option to establish the auditing ID for a database from one of the following sources:

Database connection identity (ID).
Progress session identity (ID).

Because all OpenEdge auditing is configured and stored in a connected OpenEdge RDBMS, you must consider a combination of database configuration and application coding options to establish the effective auditing ID for an application.

The following sections describe:

Configuring the auditing identity
Asserting the auditing identity
Verifying that auditing is enabled
Configuring auditing privileges