Release 10.1A: OpenEdge Getting Started:
Core Business Services

Inheriting audit privileges: the database administrator

When you initially install and start OpenEdge, it is the database administrator who, by default, can perform auditing operations. In general, audit privileges encompass policy administration, audit data administration, audit data access, and the ability to manually generate auditing events. Until such time as audit administrator privileges are assigned to anyone else, the database administrator can perform all audit policy functions.

Once the database administrator grants another user audit administrator privileges, however, the database administrator is no longer able to maintain the audit and policy data. The database administrator still retains control over the database’s physical structure. For example, the database administrator can no longer audit-disable a database, create or update an audit policy, or archive audit data.

From that point forward, the administration of the audit data and policies is separate from the administration of the entire database. The database administrator is responsible for access control security for the general application data and has the ability to control user access and in most cases the user accounts themselves.

In some cases, it might be that the audit administrator and the database administrator are the same person; however, in a case in which there is one audit administrator and one or more database administrators, it is only the audit administrator who can create, update, and delete audit policies. Audit administrators (and other audit privilege holders) can also grant their privileges to other users.