OpenEdge Getting Started:<br />Core Business Services Granting audit privileges

A database administrator grants the initial audit privileges; the administrator inherits this responsibility simply by being a database administrator or a 4GL administrator. The specific steps the administrator follows differ depending on whether the administrator is working in a Windows or on a UNIX platform, and whether the administrator is a 4GL database administrator or a SQL administrator.

At the time the first audit administrator is created, any audit privileges granted to user accounts by the database administrator will remain in effect until they have been specifically revoked.

This section provides an overview of the grant process. For the specific steps, see the following additional sources of information:

If you are a 4GL administrator on a GUI platform, see the Data Administration online help.

If you are a 4GL administrator on a UNIX platform, see either the Data Dictionary online help or OpenEdge Development: Basic Database Tools .

If you are a SQL administrator, see OpenEdge Data Management: SQL Development .

Granting audit privileges in the 4GL

To grant audit-related privileges, you identify the user ID, select an audit privilege for the user, and add any optional comments. You also determine whether that user can grant privileges to other users. Any user with audit administrator privileges can grant all four privileges (including audit administrator) to other users.

Note that for all privileges except audit administrator, the Can Grant Permissions for option is, by default, not selected. The exception to this is when a user is being granted audit administrator privileges; an audit administrator automatically receives the right to grant the audit administrator privilege, or any of the other privileges, to other users. For this reason, the Can Grant Permissions for option is disabled when a user is being granted audit administrator permissions.

Remember that once the database administrator grants audit administrator privileges to a user, the database administrator no longer has audit administrator privileges. The exception to this is when there is only one audit administrator, in which case the database administrator can revoke that user’s audit administrator privileges (in the case of an emergency). This allows the database administrator access to the audit data if a situation arises in which the sole audit administrator is unexpectedly unavailable; without this provision, no one would be able to access the audit data.

Although the database administrator can revoke the user’s audit administrator privileges, the database administrator cannot revoke any of that user’s other permissions.

Granting audit privileges in SQL

Once a SQL database administrator grants the audit administrator privilege to a user:

The SQL product’s database administrator will retain the ability to SELECT (read) on all audit policy and databases.

The SQL database administrator will retain the ability to revoke an audit privilege for a user account that was granted by an audit administrator.

SQL users will retain the ability to SELECT on the audit tables, if they have audit read privileges.