Release 10.1A: OpenEdge Getting Started:
Core Business Services

Configuring auditing at the production site

Configuring auditing at the production site involves four overall steps:

  1. Setting up audit administration

  2. Loading audit event definitions

  3. Loading predefined audit policies

  4. Setting up audit data access

Setting up audit administration

Production sites might choose to combine the duties of administering audit data with that of administering the entire database, or they might choose to separate the responsibilities into two distinct functions. By default, the OpenEdge database provides the database administrator with rights to be the audit administrator.

If you prefer not to use the default and instead want to separate the functions, do the following:

  1. Designate the first user account that will be an audit administrator.

  2. Using Data Administration, grant that user account the audit administrator privilege and the right to grant it to other users. For more information, see the Data Administration Help.

    3. Note: It is recommended that you have an alternate audit administrator in place to handle any unforeseen emergency situations.

  3. Disconnect from the database and then authenticate as the designated audit administrator. You can now grant auditing privileges to other users and begin configuring the auditing policy for the database.

Loading audit event definitions

When your OpenEdge application supports application-defined auditing events, it must register (that is, load/import) them in each auditing-enabled OpenEdge database. If your vendor has not already preconfigured this into the databases for which you have enabled auditing, you must locate the audit policy configuration.ad or .xml files that should have shipped with the product. You will use Data Administration to load the audit event definitions for .ad files; you can use either Audit Policy Maintenance or Data Administration to load .xml file definitions.

Loading predefined audit policies

OpenEdge database schemas can be very complex and make the task of knowing what to configure to meet your auditing goals a challenge. For this reason, your application’s vendor might choose to supply preconfigured audit policies that you can simply load, modify to meet your needs, and activate. The loading of these policies would follow the same approach described in the "Loading audit event definitions" section for audit event definitions. After the policy templates are loaded, you can use Audit Policy Maintenance or the vendor’s audit policy tool to perform the policy changes and activation to meet your sites auditing requirements.

Setting up audit data access

You will normally have people whose job it is to access audit data, create reports, and analyze those reports. Most of them do not, and should not, have the privileges to change audit policy or maintain the audit data. That is why you can grant audit read privileges to individual user accounts. Determine which individuals require this ability and have the audit administrator grant that privilege to those user accounts.

Copyright © 2005 Progress Software Corporation
 www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095