Audit Questions

Similar Messages

• EHS- Audit question and findings table?

  Hi Gurus
  I wanted to know what is the table for Audit questions and findings and also wanted to know where do these corresponding texts are getting stored in SAP.
  Thanks
  Murali

  Hello Murali,
  please check the following tables
  PLMM_AUDIT - for Audit results
  For questions:
  PLMM_QUEST_H
  PLMM_QUEST_I
  PLMM_QUEST_RES
  for text
  CGPL_TEXT
  CGPL _ PROJECT
  Regards
  gajesh

• UPLOAD AUDIT QUESTIONS

  kindly  guide me  how to upload  audit questions  in sap system my query is sap also provide one temple in that templet what is contents to be  filled i cont understood any body work that temple  kindly  guide me in that  templet  we have filed like that external id description ext position   hierarchy level  task level assessm entsug desc

  Please check the sap note: 597982. You can find the SAP supplied XL template as a zip atatchment in the note and step by step guidance on how to upload audit questions using import/export functionality of audit management.
  Thanks,
  Ram

• Read attachment details of Audit Question (PLMD_AUDIT)

  Hi Experts,
  Kindly request you to assist me on the below.
  I'm trying to build a solution using ABAP for a requirement, where the logic has to find the attachment details of an audit question or action on the audit transaction (PLMD_AUDIT).
  For example, please see the attached:
  Screen shot 1.--> I'm not able to build the solution to check whether an audit question/action is having an attachment.
  Screen shot 2.--> If the attachment exists, then how to get the attachment and send an email.
  Appreciate your valuable inputs.
  Thank you
  Mahendra

  Hi Experts,
  Kindly request you to assist me on the below.
  I'm trying to build a solution using ABAP for a requirement, where the logic has to find the attachment details of an audit question or action on the audit transaction (PLMD_AUDIT).
  For example, please see the attached:
  Screen shot 1.--> I'm not able to build the solution to check whether an audit question/action is having an attachment.
  Screen shot 2.--> If the attachment exists, then how to get the attachment and send an email.
  Appreciate your valuable inputs.
  Thank you
  Mahendra

• Oracle Auditing question.

  Hi All,
  I have a application schema called SPRE. I want to audit insert/update/delete/alter on any SPRE objects by any database user but I dont want to audit any action performed by "SPRE" user itself.
  I know how to setup this.....like run below as system
  audit inser,update,delete on SPRE.table1;
  audit inser,update,delete on SPRE.table2;
  audit inser,update,delete on SPRE.table3;
  but questions I have is...
  1. How to audit if sys user perform any insert,update,delete?
  2. How to stop audit entry if SPRE user performed insert,update,delete
  Thanks,
  Anuj

  sys.aud$, dba_audit_trail
  OR
  SELECT view_name FROM   dba_views WHERE  view_name LIKE 'DBA%AUDIT%' ORDER BY view_name;
  SELECT view_name
  FROM   dba_views
  WHERE  view_name LIKE 'DBA%AUDIT%'
  ORDER BY view_name;
  VIEW_NAME
  DBA_AUDIT_EXISTS
  DBA_AUDIT_OBJECT
  DBA_AUDIT_POLICIES
  DBA_AUDIT_POLICY_COLUMNS
  DBA_AUDIT_SESSION
  DBA_AUDIT_STATEMENT
  DBA_AUDIT_TRAIL
  DBA_COMMON_AUDIT_TRAIL
  DBA_FGA_AUDIT_TRAIL
  DBA_OBJ_AUDIT_OPTS
  DBA_PRIV_AUDIT_OPTS
  DBA_REPAUDIT_ATTRIBUTE
  DBA_REPAUDIT_COLUMN
  DBA_STMT_AUDIT_OPTSHTH
  -Anantha
  Edited by: Anantha R on Mar 29, 2010 3:23 PM

• OID audit question

  Hello, people!
  I have question about auditing in Oracle Internet Directory.
  1. I turn audit on in my OID.
  2. Restart OID.
  3. Searching for Audit Log Entries by Using ldapsearch. The DN for the audit log container is cn=auditlog. To search for audit log entries, perform a subtree or one-level search, with the container object cn=auditlog as the base of the search. Work fine.
  4. But when i add some user to some group, i get record like:
  orclSequence=348,cn=auditlog
  objectclass=top
  objectclass=orclauditoc
  orcluserdn=cn=orcladmin
  orcleventtype=Modify
  orclauditmessage=Modifying entry cn=XMLP_ADMIN,cn=Groups,dc=rd,dc=local
  orclsequence=348
  orclopresult=Success
  orcleventtime=20091125141137z
  Did any one knows, how determine what changes done?
  Thanks,
  Jeff.

  it will be good if you are adding HR as OU , in case if you have IT or someother Organization Unit it will can be easily added and identified.
  Once you add it as OU autimatically all required class will be added automatically , further if you have any custom attribute you can add your own custom class

• Audit Question - Access to SU01

  I have a question in regards to access to SU01.  We currently have a team to setup users and assign roles.  We are SOx regulated and have been questioned about having individual having this access.
  Does it make sense to have one user setting up the ID without any authorizations assigned and then another person add the roles?  We have compliance calibrator installed and no issues from that, but I am aware sometimes it is a business process decision from our auditors.
  To me this does not make sense to me at all.  Not sure if this would be the same for all our other applications either at this point including BW, IPC, XI, network access etc. etc. etc.

  Chris,
  This causes a lot of confusion and consternation across the industry. Having been on both sides of the fence from an audit perspective, I tend to take a pragmatic approach.
  The key issue is about being able to amend roles and assign to users. Wherever possible, this should be avoided. It is up to you how you manage that but if you have a situation whereby a single person can create a role / profile and assign it to a user they control, then you have a potential audit issue.
  You can split it in any way you like but you are basically trying to stop that SoD.
  Some choose to have a dedicated team who are able to create users but not create or assign authorisations, a separate team who can assign authorisations and not create users or roles and a third team who can only create roles but not create or assign to users.
  While that is ideal, it is not always practical so it is often somewhere in the middle.
  As long as your central team cannot amend the roles and authorisations that they are assigning (or assign super user access like SAP_ALL) without appropriate controls in place, then you can generally have a fairly reasonable discussion with your auditors.
  Simon

• ABS quirks / auditing question / kernel request

  My original post is below but it's wrong. All I'm asking now is if someone can enable CONFIG_AUDIT in the kernel or tell me a program that lets you spy on files just as well as auditd.
  Today when I was making packages, something I haven't done in awhile and badly needed to do again, I noticed exclamation marks appearing beside the filenames in the medit tabs. Those exclamation marks mean that since I last saved the text file in medit, another process edited the file on the disk. Subsequent saving required me to click "yes I'm sure I want to overwrite" in this popup window. This was responsive to my saves. Every time I saved something (a PKGBUILD, a patch, anyting under the /var/abs tree) it was changed half a second later.
  I tried to find out what was going on. Inotify-tools told me when the PKGBUILD was being modified but not by what process. Lsof and Glsof had no hope because they don't watch a specific file in real time, they only tell you things that are currently open so I'd need inhuman reflexes to get useful information out of them.
  One thing that looks perfect for me is auditd. This page http://www.cyberciti.biz/tips/linux-aud … -file.html says how you can use it to see what process edited what file. I spent a couple hours fine tuning the PKGBUILD of it only to hit the error where auditd says "Connection refused." Every other poster reporting this did so because his or her kernel did not have audit support and sure enough in the kernel26 package, CONFIG_AUDIT is not set.
  So I need to ask three things:
  1. Does anyone know why my files are being accessed this way in /var/abs?
  2. Does anyone know a program compatible with the default kernel26 that could help me investigate?
  3. If it's not too much trouble, would the kernel26 maintainers consider adding CONFIG_AUDIT so I don't have to start using a custom kernel over this one triviality?
  Thanks alot.
  Last edited by ConnorBehan (2008-12-27 00:13:11)

  ConnorBehan wrote:
  Oh thanks monster, Thunar was open for me too. And it happened again today in /home so it's nothing to do with ABS. I guess my question now is:
  Could someone enable CONFIG_AUDIT in kernel26 or tell me a way to audit with the kernel I have out of curiosity?
  No problem, I'm glad I could help.  I was a little unsure of what was going on myself until I stumbled on to the connection.  If you figure out what is going on could you try and pass that along?  I am curious to know the answer but not knowledgeable enough to dig into kernel audits to figure it out

• Simple auditing question...

  Hello,
  We are running 11.2.0.2 on AIX 7.1.
  I'm trying to understand why our auditing is not behaving the way I think it should.
  First, we have the default auditing turned on as part of 11GR2.
  It seems to be capturing some things, but not always everything.
  In some cases, it captures the creation of a table by a user, but in other cases, it may not.
  Even though the same user created a table, or dropped a table.
  Today, trying to figure this out, I created a test user and logged in as that test user (in SQL*Plus) and created a simple table, then inserted a record into it and did a commit. I then logged out.
  But when I check the audit views, I don't see the audit actions, or even the session logon information.
  I've checked using both Toad and by selecting from the dba_audit_objects and dba_audit_session views in SQL*Plus.
  What am I missing?
  That last DDL statement I see that was captured in the audit records was on July 20th.
  In this case, it captured the drop and creation of a public synonym, but not of the underlying table that was also dropped.
  I don't believe anyone has changed any of the audit settings.
  First, let's confirm everything:
  sho parameter audit
  NAME                                 TYPE        VALUE
  audit_file_dest                      string      /u01/app/oracle/admin/xxxxxxxx
                                                   /adump
  audit_sys_operations                 boolean     FALSE
  audit_syslog_level                   string
  audit_trail                          string      DB
  SQL> SELECT privilege from dba_priv_audit_opts where user_name is NULL;
  PRIVILEGE
  ALTER SYSTEM
  AUDIT SYSTEM
  CREATE SESSION
  CREATE USER
  ALTER USER
  DROP USER
  CREATE ANY TABLE
  ALTER ANY TABLE
  DROP ANY TABLE
  CREATE PUBLIC DATABASE LINK
  GRANT ANY ROLE
  ALTER DATABASE
  CREATE ANY PROCEDURE
  ALTER ANY PROCEDURE
  DROP ANY PROCEDURE
  ALTER PROFILE
  DROP PROFILE
  GRANT ANY PRIVILEGE
  CREATE ANY LIBRARY
  EXEMPT ACCESS POLICY
  GRANT ANY OBJECT PRIVILEGE
  CREATE ANY JOB
  CREATE EXTERNAL JOB
  23 rows selected.
  SQL> select object_name, object_type, owner, created from dba_objects where object_name = 'EXPENDABLE_USE';
  OBJECT_NAME                      OBJECT_TYPE         OWNER                    CREATED
  EXPENDABLE_USE                   SYNONYM             PUBLIC                   20-JUL-11
  EXPENDABLE_USE                   TABLE               SISI                     20-JUL-11
  2 rows selected.
  Now, view the dba_audit_objects view:
    1   select os_username, username, timestamp, action_name from dba_audit_object where timestamp > sysdate-9
    2* order by timestamp desc
  SQL> /
  OS_USERNAME          USERNAME                 TIMESTAMP         ACTION_NAME
  scmsrvacct           SISI                     20-JUL-2011 11:44 CREATE PUBLIC SYNONYM
  scmsrvacct           SISI                     19-JUL-2011 19:40 DROP PUBLIC SYNONYM
  scmsrvacct           SISI                     19-JUL-2011 19:40 DROP PUBLIC SYNONYM
  3 rows selected.Notice that the table created on 20-JUL-2011 is not included above.
  why not?
  Any why isn't my test user shown, or the creation of the simple table created by the test user?

  Well, I can't exactly do what you asked because 'privilege' is not a column.
  But I'm guessing this is what you are asking for:
    1* select * from dba_stmt_audit_opts where user_name is NULL
  SQL> /
  USER_NAME PROXY_NAME AUDIT_OPTION                             SUCCESS    FAILURE
                       ALTER ANY TABLE                          BY ACCESS  BY ACCESS
                       SYSTEM GRANT                             BY ACCESS  BY ACCESS
                       DROP ANY TABLE                           BY ACCESS  BY ACCESS
                       CREATE ANY PROCEDURE                     BY ACCESS  BY ACCESS
                       DROP ANY PROCEDURE                       BY ACCESS  BY ACCESS
                       ALTER ANY PROCEDURE                      BY ACCESS  BY ACCESS
                       GRANT ANY PRIVILEGE                      BY ACCESS  BY ACCESS
                       GRANT ANY OBJECT PRIVILEGE               BY ACCESS  BY ACCESS
                       GRANT ANY ROLE                           BY ACCESS  BY ACCESS
                       SYSTEM AUDIT                             BY ACCESS  BY ACCESS
                       CREATE EXTERNAL JOB                      BY ACCESS  BY ACCESS
                       CREATE ANY JOB                           BY ACCESS  BY ACCESS
                       CREATE ANY LIBRARY                       BY ACCESS  BY ACCESS
                       CREATE PUBLIC DATABASE LINK              BY ACCESS  BY ACCESS
                       EXEMPT ACCESS POLICY                     BY ACCESS  BY ACCESS
                       ALTER USER                               BY ACCESS  BY ACCESS
                       CREATE USER                              BY ACCESS  BY ACCESS
                       ROLE                                     BY ACCESS  BY ACCESS
                       CREATE SESSION                           BY ACCESS  BY ACCESS
                       DROP USER                                BY ACCESS  BY ACCESS
                       ALTER DATABASE                           BY ACCESS  BY ACCESS
                       ALTER SYSTEM                             BY ACCESS  BY ACCESS
                       ALTER PROFILE                            BY ACCESS  BY ACCESS
                       DROP PROFILE                             BY ACCESS  BY ACCESS
                       DATABASE LINK                            BY ACCESS  BY ACCESS
                       PROFILE                                  BY ACCESS  BY ACCESS
                       PUBLIC SYNONYM                           BY ACCESS  BY ACCESS
                       CREATE ANY TABLE                         BY ACCESS  BY ACCESS
  28 rows selected.also
  SQL> select distinct(user_name) from dba_stmt_audit_opts;
  USER_NAME
  1 row selected.

• CC 2014 Using "Edit in Adobe Audition" question?

  In Premiere Pro CC (2014). When I send an audio clip that is an .aif from the timeline to Audition using “Edit in Adobe Audition > Clip”, when it shows up in Audition, the file is a .wav file. Is there a preference that will keep it a .aif file?

  Dont know... but possibly an Audition Preference or a workflow actually in Audition for Mixer or Sound File Editor setup

• OAM/OIM 11.1.1.3 audit question

  All,
  We are collecting login information in the IAU_BASE table. Most of the time IAU_INITIATOR value is null. Does anyone have an idea why this is the case? Is there a setup that we are missing in OAM configuration?
  thanks in advance,
  Prasad.

  Hi - did you ever get an answer to this question or figure this out?

• Premiere Pro/Audition question

  I am running Premiere Pro CS4 and Audition 2.0. I have some musical HD footage that I have loaded into PP. I would like to export only the audio, work on it in Audition and reimport into PP. The only audio only export option in Media is AAC (+/- Version 1 or 2) which Audition doesn't recognize.
  Suggestions?

  With File Associations in Windows, at least one user has bypassed Soundbooth for Audition, so that Edit in Audition works as it did back in the old PrPro 2.0 days. Not sure of what any ins-and-outs might be, and do not have CS4, but Edit in Audition works for other, even in CS4, with a little work in Control Panel.
  Doing an Export to PCM/WAV, editing in Audition, doing a Save, and then an Import will work too.
  Good luck,
  Hunt

• Auditing question executing the TRUNCATE command.

  Hello.
  We have some audit controls in place that interrogate SQL codes to determine whether an INSERT, UPDATE or DELETE command has been executed by a user. However, when a user executes a TRUNCATE command, an sudit record is not generated. Since I cannot find a specific code for Truncate, I was thinking that the code that caputes a DELETE command would work... but it doesn't appear that is the case.
  We only have a very few users that can issue the TRUNCATE command, but I'd like to know if anyone knows of a specific code for TRUNCATE. Or if anyone has an idea how we could generate AUDIT records when a user does issue a TRUNCATE command.
  Thanks!

  There is certainly a lot of bad information floating around on this topic.
  "Audit table" will audit create table, drop table and truncate table - which is absolutely true. It is the ONLY way to reliably audit truncate table operations.
  Object auditing on a specific table (e.g. audit all on scott.mytab) never creates an audit record for truncation.
  You can audit "DROP ANY TABLE" which will create an audit record ONLY when someone with the DROP ANY TABLE system privilege attempts to truncate a table in another schema.
  Contrary to what some "experts" (including at least one ACE) think, "audit truncate table" is NOT valid syntax.
  "Audit truncate" does not return an error, but (as far as I can tell and I've actually tested it on 9.2.0.4, 10.2.0.1, 10.2.0.5 and 11.2.0.3) it does nothing. It creates no record in DBA_STMT_AUDIT_OPTS or DBA_PRIV_AUDIT_OPTS and it never produces a record in the audit trail. It is a half-baked auditing option that does not actually work - so, "audit truncate" should return an error!

• IT Audit Question

  Greetings, I am working with a client who outsources their DBA services to a third party. The third party has unfettered 24 hour access to the database using one generic id. This is creating an issue from an audit perspective. I have been told by other people within my firm that Oracle 9i, which is what the client is running, has an auditing feature that will allow you to audit statements issued by a specific user id? Further, it is my understanding that you can place the log file on a network drive that the DBA wouldn't have access to? Does anyone have any information on this, or a link that I could go to for more information. I want to at least be able to recommend a starting point to the client. They have a manager that has general knowledge of Oracle, but not the expertise of a typical DBA. Any help on this topic would be greatly appreciated.

  Take a look at chapter 26 of database admin guide (Auditing Database Use), that should give you a starting point. If the "user" the third party will use is a sysdba, consider making use of the init parameter called audit_sys_operations.
  Daniel

• SBSMonacct Auditing Question

  Hello,
  We have a customer running SBS 2011 who we monitor with Kaseya. They have an application they are unfortunately stuck with, that syncs to their AD but it's very basic and has no notifications if it fails. If a user changes their credentials it stops working
  and it's not immediately obvious to the user. Because of this we monitor for password changes by event ID and then proactively contact the user to get their password and update the software's credentials. Unfortunately the SBSMonacct as part of its normal
  actions resets it's password every 30 minutes creating a lot of false tickets alert/tickets from the events generated. I have tried using auditpol.exe to exclude the SBSMonacct from auditing on a per user basis but since it's an admin account it doesn't seem
  to have any effect. Is there a way to disable the SBSMonacct procedure (we monitor with Kaseya not the SBS reports) or exclude it from the security log? 
  Thanks,
  Brian

  Hi Brian,
  Based on your description, I understand that you want to disable some specific alerts in the SBS report email.
  You can configure notification settings to achieve this target in Windows SBS Console.
  Please refer to the detailed operations.
  Open the
  Windows SBS Console.
  On the navigation bar, click
  Network, and then click the Computers tab.
  In the task pane, click
  View notification settings. The Notification settings page appears.
  Then you can configure the Service, Performance counters and Event Log errors what you want to be notified about in email.
  In addition, I can find that you monitor with Kaseya. So, please also refer to following thread. It may help
  you.
  SBSMonAcct how to disable Reports
  http://social.technet.microsoft.com/Forums/exchange/en-US/04a81fff-fc52-492c-ba3b-8161dcb7382a/sbsmonacct-how-to-disable-reports?forum=smallbusinessserver
  If anything I misunderstand, please don’t hesitate to let me know.
  Hope this helps.
  Best regards,
  Justin Gu