Limiting file access auditing to specific users

I'd like to enable file system logging for specific users. Presently, under Advanced Audit Policy Config on the local file server (Win 2k8 R2 Std) I have enabled Audit File Share - but I get every user's activity. I want to limit it to a few users.
As a test, I have added auditing to the security properties of a specific share, only for specific users, but that does not work if the Audit File Share isn't enabled. And if it is, I get all users' activity. Any way to limit logging to specific users? Thanks.

Hi Mike,
Based on my research, there are no system access control lists (SACLs) for shared files/folders, so that once we enable file share auditing, access to all shared files and folders on the system is audited.
More information for you:
Audit Detailed File Share
http://technet.microsoft.com/en-us/library/ee215206(v=WS.10).aspx
Audit File Share
 http://technet.microsoft.com/en-us/library/dd772690(v=WS.10).aspx
Detailed File Share Auditing not working properly (Applying to All Files)
http://social.technet.microsoft.com/Forums/en-US/42618663-61cf-4c05-9659-80c162511cbf/detailed-file-share-auditing-not-working-properly-applying-to-all-files?forum=winservergen
Best Regards,
Amy
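
One way to work with the behaviour described in the answer is to leave share auditing on and narrow by account when the events are read. The PowerShell below is an added example, not part of the original thread: it builds a Get-WinEvent XPath filter for the share-access events 5140 and 5145 limited to chosen accounts and turns each event into a row. The account names, domain, share and sample events are constructed, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example. Accounts, domain, share and sample events are constructed.
# Requires Windows PowerShell 3.0 or later ([pscustomobject]).
$AuditedUsers  = @('jdoe', 'asmith')   # hypothetical accounts of interest
$ShareEventIds = @(5140, 5145)         # Audit File Share / Audit Detailed File Share

function Get-ShareAuditXPath {
    # Builds an event-log XPath query: share events whose SubjectUserName is listed.
    param([string[]]$Users, [int[]]$EventIds)
    foreach ($u in $Users) {
        # A quote in a name would break out of the XPath string literal.
        if ($u -match "['""]") { throw "Unsupported character in account name: $u" }
    }
    $idClause   = ($EventIds | ForEach-Object { "EventID=$_" }) -join ' or '
    $userClause = ($Users | ForEach-Object { "Data[@Name='SubjectUserName']='$_'" }) -join ' or '
    "*[System[($idClause)] and EventData[$userClause]]"
}

function ConvertFrom-ShareAuditXml {
    # Turns one event's XML into a flat row for reporting.
    param([string]$EventXml)
    $x = [xml]$EventXml
    $data = @{}
    foreach ($node in $x.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
    [pscustomobject]@{
        TimeUtc = $x.Event.System.TimeCreated.SystemTime
        EventId = [int]$x.Event['System']['EventID'].InnerText
        Domain  = $data['SubjectDomainName']
        User    = $data['SubjectUserName']
        Source  = $data['IpAddress']
        Share   = $data['ShareName']
        Target  = $data['RelativeTargetName']   # present in 5145 only
    }
}

function New-SampleEventXml {
    # Constructed test input shaped like a Security log event, not real log data.
    param($Id, $User, $Target)
    @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>$Id</EventID><TimeCreated SystemTime="2014-01-01T10:00:00Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">$User</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
    <Data Name="ShareName">\\*\Finance</Data>
    <Data Name="RelativeTargetName">$Target</Data>
  </EventData>
</Event>
"@
}

# Offline demonstration: three constructed events, one from an account we do not care about.
$samples = @(
    New-SampleEventXml 5145 'jdoe'   'Q3\budget.xlsx'
    New-SampleEventXml 5145 'backup' 'Q3\budget.xlsx'
    New-SampleEventXml 5140 'asmith' ''
)
$samples | ForEach-Object { ConvertFrom-ShareAuditXml $_ } |
    Where-Object { $AuditedUsers -contains $_.User } |
    Format-Table -AutoSize

# The query string to hand to the event log:
Get-ShareAuditXPath -Users $AuditedUsers -EventIds $ShareEventIds

# On the file server, from an elevated session, the same projection over the live log:
# Get-WinEvent -LogName Security -FilterXPath (Get-ShareAuditXPath $AuditedUsers $ShareEventIds) |
#     ForEach-Object { ConvertFrom-ShareAuditXml $_.ToXml() }
```

The filter only reduces what is returned to the reader; every share access is still written to the Security log, so log size and retention have to be planned for the full volume.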

Similar Messages

  • Audit a Specific User

    hi all,
    This is 10g on Windows
    I want to find out which tables are accessed by a certain user. (It's a roundabout way of determining which tables are updated when this user creates/deletes a user within the application software.)
    I know about this: audit select,insert,update,delete on table1
    But I don't know the table names - I want the audit trail to show all the tables the user accessed while auditing was enabled.
    Can I do that? Thanks, John

    AUDIT ALL BY john;
    will audit all actions by John in Table 13-1
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_4007.htm#g2274817
    AUDIT SELECT TABLE BY john;
    AUDIT INSERT TABLE BY john;
    AUDIT DELETE TABLE BY john;
    will, additionally, audit all SELECT, INSERT, DELETE statements executed by John. See Table 13-2
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_4007.htm#g2274817

  • Auditing a specific user for their session

    Is it possible to enable/disable auditing for a user in a way similar to enabling/disabling a role?
    What I'm trying to do is - enable auditing for a user when they log in to an application (where the application enables its roles via an application-based role - (role identified using a package)) and - when the user logs out, have auditing automatically 'disable'.
    I'm not sure if this is possible. Any insight/suggestions are greatly appreciated.
    Thanks!

    If I am understanding your question correctly, you can use fine grained auditing for this. As far as I know, you can't conditionally audit using regular constructs. You can do something like...
    begin
      dbms_fga.add_policy(object_schema   => 'YOUR_USER',
                          object_name     => 'YOUR_TABLE',
                          policy_name     => 'YOUR_TABLE_AUDIT',
                          audit_condition => 'sys_context(''userenv'',''os_user'') = ''howards''',
                          audit_column    => 'YOUR_COLUMN');
    end;
    /
    This will create an audit record in dba_fga_audit_trail whenever the os_user howards selects the given column from the given table. If the same database user executes the select while connected to os_user 'raymond', the select won't be audited.
    Some of the sys_context parameters are easily spoofed, but the idea should hold true no matter how you evaluate the session.

  • Limited file access after migration assistant

    After migrating files from a TM to a new HD for my MBP, I needed help from the Apple Community just to find the things tucked away in a new user folder. Now I need help getting them to open. Many folders have this little minus sign on them and say "You have no access" when I see their info. These are the most significant items and what I thought was the purpose of a backup (Music, Pictures, Movies, Downloads, Desktop, and my fav. "Silver Briefcase"). I have found the files on TM, so they do exist, but I am hesitant to click "Restore", as the files may already be on here somewhere. Please help make this "just work".

    geologyjoel wrote:
    Before getting this, I took it to a Mac-helper store. They had me make a new account and delete the two incomplete accounts so I could do a full restore and have only one account. They recommended restoring while in TM from that one account, shut down the computer, restart, open the restored account, and deleting this dummy-starter account. That didn't work: I got a "cannot complete this process. Error -8003".
    That should work if, instead of using Time Machine to restore the account in question, you use Migration Assistant to transfer it instead. Restoring or copying the home folder from your backups won't work.
    Trying your method: Pressing Command (the apple) - R results in a "No" sign as in "No smoking", and then my computer shuts off.
    Do that after powering down.
    Your profile says you're running Tiger (10.4.11). We know that's outdated, since Time Machine doesn't work on Tiger, but we don't know what you are running:
    •  If you're running Leopard (10.5.x) or Snow Leopard (10.6.x), you need to insert the OSX Install disc (per section (b) of #14) and hold the "C" key while starting up.
    •  If you're running Lion (10.7.x) or Mountain Lion (10.8.x), you need to start from your Recovery HD, per section (a) of #14.  Hold Cmd and the "R" keys while starting up (the Cmd keys are next to the spacebar on most keyboards).
    If that doesn't work, hold the Alt/Option key while starting up.  That will show all possible startup sources, something like this:
    If you're on Lion or Mountain Lion, you should see either "Recovery HD" or "Recovery 10-8" (the red arrow).
    If you're on 10.7.2 or later, your Time Machine drive may have a copy of the Recovery HD (the green arrow). 
    If there's an Install disc in your SuperDrive, it will be shown.
    Select the one you want (the gray arrow should move), then click the drive icon to start from it.
    EDIT:  please tell us what version of OSX your Mac is running. 
    It would also be a good idea to update your profile, by clicking "Your Stuff" at the top of this page, selecting "Profile," and editing the "My Products" section.
    Message was edited by: Pondini

  • Possible to delete Offline Files content for a specific user from the Client Side Cache (CSC) ?.

    Hello Everyone,
    We would like to implement a script to delete the offline files in the Client Side Cache (CSC) for a nominated user (on Windows 7 x64 enterprise).
    I am aware that;
    1. We can use a registry value to flush the entire CSC cache (for all users) next time the machine reboots.
    2. If we delete the user's local profile it appears that Windows 7 also removes their content from the local CSC.
    However, we would like to just delete the CSC content for a particular nominated user without having to delete their local user profile.
    In our environment we have many users that share workstations but only use them occasionally. We don't use roaming profiles so we would like to retain all the users' local profiles but still delete the CSC content for any users that haven't logged on in a week.
    Any ideas or info would be appreciated !
    Thanks, Makes

    Hi,
    I don't think this is possible.
    If you want to achieve it via script, I suggest you post it in official script forum for more professional help:
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=scripting
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Karen Hu
    TechNet Community Support

  • Monitor files accessed by a specific process

    Hi all,
    I'm trying to do the task in subject but I've no idea how to start... My goal is to check when a specific task (I've no control on it) opens up a specific file, in order to generate an alarm in an I/O board.
    Basically I want to develop in LabVIEW what e.g."ProcessActivityView" does http://www.nirsoft.net/utils/process_activity_view.html .The software developer explains in the page listed above that the program works as follow: "After you select a process, ProcessActivityView inject a special helper dll (ProcessActivityViewHelper.dll) into the selected process. This dll intercepts the internal file I/O API of Windows, and sends the information back to ProcessActivityView utility".
    Does anybody know how to do this, or can anyone suggest another approach to implement my idea?
    Many thanks in advance.

    smercurio_fc wrote:
    Unfortunately, the FileSystemWatcher class will not notify if an application merely opens a file.
    If the file is being written to by the other app it would give you a notification, but only if the other app flushes the stuff to disk.
    I didn't realize that this was only a read of an existing file. From what I can tell, it should be possible to enable FileSystemWatcher to monitor LastAccess IF the file is local and the LastAccess flag in the registry is set properly (NtfsDisableLastAccessUpdate). The tradeoff is that every folder browse updates lastaccess, which might not be ideal.
    I poked around and discovered that Microsoft provides libraries for something called a file system filter driver. It appears that the main use for these drivers is to allow apps such as virus protection and backup software to monitor/intercept file system I/O. 
    This stackoverflow thread led me to a commercial product that uses these file system filter drivers called CallBackFilter. It probably doesn't apply to this particular problem but maybe this will be of use to someone who needs this sort of functionality in the future.
    http://stackoverflow.com/questions/3621661/detect-file-read-in-c-sharp

  • Disabling user access to a specific server

    Hi,
    I want to disable the access of a specific user to a specific server. Is this possible?
    Thanks,
    Ziv

    There are two things I know you can do:
    1. In Server Admin, click on the server you want to block the user from and then click on Access from the row of icons at the top. For the services you want to block (from what you posted it would seem like SSH and VPN and maybe a few more) put the users that you want to have access and exclude the user you don't want to have access.
    2. In Workgroup Manager, go to computers. There should already be an entry for the server (at least mine was automatically added). Click on the server computer in question and then click on Preferences, then Login, and then select the Access tab from the bar. On the Access Control List you can add the user to the list and then mark their login permissions as deny. This way they will be denied from logging on to the server.

  • Auditing all users file access - too much information

    Hi, I have enabled a GPO with the following: Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access -> Audit File System - Success on a file server.
    After that, I have enabled successful Create files/Create Folders on a folder for the built-in group Everyone.
    That part works fine, I can see when users are creating files on the folders. But I also get extreme amounts of other events logged in the Security log, and everything is coming from the backup agent running on the server (NetBackup in this case).
    How come a backup agent is creating events like this? It makes filtering much harder afterwards. The business requirement is to audit Everyone who is adding files to a specific folder, not all the rest of the server. The server is Win2008 R2.
    Example:
    An attempt was made to access an object.
    Subject:
    Security ID: SYSTEM
    Account Name: FILESERVER01$
    Account Domain: MYDOMAIN
    Logon ID: 0x3e7
    Object:
    Object Server: Security
    Object Type: File
    Object Name: \Device\HarddiskVolumeShadowCopy58\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.18619_none_d4cab625fb3adf96\audiosrv.dll
    Handle ID: 0x3c4
    Process Information:
    Process ID: 0x1048
    Process Name: C:\Program Files\VERITAS\NetBackup\bin\bpbkar32.exe
    Access Request Information:
    Accesses: WriteAttributes

    Hi Steve,
    I feel your pain, I turned on logging on a file server and found the security log filling 4GB in a couple of hours. I think the key is being very selective about what you audit. I found this article useful and it had some PowerShell and ideas for helping make sense of the information overload - http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx
    In my opinion though you really need a third party solution to make this viable. Two I've looked at are Netwrix File Server Auditor and FileAudit, which seem very similar in functionality and ease of use. These basically read in the event log to provide long term archive and reporting on it.
    Good luck,
    Tim

  • Can we give UNIQUE ACCESS FOR THE SPECIFIC FILE IN THE LIBRARY in SP2013? How can we remove users from SHARED WITH link where files are shared with users?

    Hi,
    Any help on this?
    Thanks
    srabon

    Hi srabon,
    For giving unique access for a specific file in a library, you can go to the library, select the file, and click FILES->Shared With->ADVANCED. Under the PERMISSION ribbon, click 'Stop Inheriting Permissions', then the file will have unique permissions.
    For removing the shared users for a file, first, as in the above steps, select the file and click FILES->Shared With->ADVANCED, make sure the file has unique access, then select the users that you want to remove, and click Remove User Permissions under the PERMISSIONS ribbon.
    I hope this helps.
    Thanks,
    Wendy
    Wendy Li
    TechNet Community Support

  • Audit file access

    I want to set up file and folder access auditing on a Windows 2008 server. I need to enable audit logging of all file activity by user, such as read, copy, create, rename, delete.
    Is there a way to see if a user accessed a specific file?
    Thanks

    Hey, please have a look at these links for reference.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b18ca99b-db07-4e2e-8f13-67d58a4d1c63/windows-2008-server-files-access-real-time-monitoring
    Moreover, you can start from the several links from here also
    http://technet.microsoft.com/en-us/library/dd408940%28v...
    http://technet.microsoft.com/en-us/sysinternals/bb89664...
    http://technet.microsoft.com/en-us/library/cc721946.asp...
    And the other option is you can opt for a third party tool such as Lepide Auditor For File Server, a file server monitoring tool that would help you in case of real time monitoring. Test the tool from the given link below.
    http://www.lepide.com/file-server-audit/
    Thanks.

  • Is there a way to play an mp4 file at the beginning of a published project only when the project is accessed from a specific site?

    Is there a way to play an mp4 file at the beginning of a published project only when the project is accessed from a specific site?
    A little background info. I use Captivate 7 and currently have over 100 projects that I maintain on a quarterly basis. I publish using the SWF format and upload the swf/htm files to a server where they are then accessed from a few locations (within our online documentation, in our software product, on two different websites). Many of the projects are linked so some will be viewed as a series and others viewed as a standalone video. Each video uses the same template and includes an intro and end slide. Now my organization wants to implement a new intro to all videos (those I publish and those from several groups across the organization). My current intros provide overview material for the specific video so the new intro, which is an animation with audio in mp4 format, would need to be placed at the start of each project. The issue is, the intro adds 9 seconds to every video and in many cases doesn’t add any value (say, if a user accesses the video from within our product or views the videos as a series). I’ve talked it over with my boss and we want to try to add the intro only to videos accessed from site X, not any other location. So now to my question. Is there a way to play an external mp4 file (intro) only when the published project is accessed from a specific site, therefore eliminating the need to update each project? Maybe there's a way to add a parameter or variable to the URL or the html code?
    Thanks in advance for your suggestions. Please let me know if you need additional information.

    AimeeLove,
    I have a solution for you.  You may have to modify the code a little bit based on how long the timeline animation is for your clock.  I based mine on 3 seconds to complete a minute hand sweep around the clock.
    Milliseconds for each point on the clock:
    12 = 0
    1 = 250
    2 = 500
    3 = 750
    4 = 1000
    5 = 1250
    6 = 1500
    7 = 1750
    8 = 2000
    9 = 2250
    10 = 2500
    11 = 2750
    In the mouseover section for 12 o' clock, put this code...
    // Poll the timeline every 10 ms; stop at 0 once it enters the 0-50 ms window.
    myVar = setInterval(function(){
         var pos = sym.getPosition();
         if (pos > 0 && pos < 50){
              sym.stop(0);
              clearInterval(myVar);
         }
    },10);
    When you point to the time, the setInterval method loops every 100th of a second and checks the current position of the timeline.  When the timeline reaches the range between 0 and 50 milliseconds (almost impossible to hit 1 specific point), the timeline will stop at 0.  Also, the clearInterval will be fired to stop the loop.
    In the mouseout section, put this...
    sym.play();
    clearInterval(myVar);
    It starts the clock again, and it also clears the loop in case you mouseout before you reach the range.
    Make sure that myVar is a global variable so you can clear it from the mouseout section.
    Repeat this for each point on the clock.  To avoid potential conflicts, you may want to use my12, my1, my2, etc. instead of myVar.  I put the milliseconds at the top that you would use as the beginning of the range.  50 milliseconds should be enough to catch it.  So, for 5 o' clock, you would make your range between 1250 and 1300.
    Let me know if you have any questions.  Thanks!
    Fred

  • List of users who have access to a specific universe

    Hello Experts,
    We have a requirement to get the list of the users who have access to a specific universe. Please suggest how to achieve this ?
    Is there any query to find this list by query builder or query to audit database ?
    We are using Business objects 3.1 sp5.
    Many Thanks
    Ankur

    Ankur,
    Refer to the discussion below:
    how to get a list of reports a user has access to, using either the cms database or the auditing database
    Regards,
    Ashvin

  • Unable to access server files shares with Active Directory Users

    Quick breakdown of my issue.
    I have setup a Yosemite file server running the latest version of Yosemite and Server.
    File sharing in Server.app is enabled and shares have been created
    The server is bound to my company's Active Directory and you can directly login to the computer via AD credentials.
    The big issue is this, unless the user has directly walked up to my server and logged into it at least once, they cannot authenticate to the file shares via their AD credentials.
    For example: Administrator (me) I can login and access all file shares without issue.
    Jane Smith (SMITH) who has actually walked up to my server and logged in via her AD credentials, can also access all file shares. (That she has access to)
    John Doe (JDOE) who has not logged into the server in any way, cannot authenticate to the server file shares at all (even though I have granted him permission). He just gets an "Access Denied" message.
    I have gone into Directory Utility and changed the search order to give AD priority and this still doesn't resolve the problem.
    We have unbound the server from AD and added it back again and are still not able to resolve it.
    If you open Server.app and go to add someone from AD to a file share, it finds the AD user quickly and everything looks right, but they are still unable to authenticate to the server if they haven't directly logged into it before?
    All of the documentation and Google articles I have found say my server is set up correctly, any help would be greatly appreciated!
    Thanks in advance!

    I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder, if the user doesn't have access to the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

  • LSMW - Access to Specific Objects Permissions to specific users

    Hi guys,
    I want to know if it is possible to allow access to specific users that are in charge of the execution of a specific object of an LSMW.
    Regards,
    Eric

    Hi guys,
    One solution I have right now (but it isn't ideal) is to debug the execution step of the LSMW in order to find the name of the program that is being called and the one that is called in the step in which the files are specified. Then develop a "Z" program that calls both of them and give the user access to this new transaction.
    Any better suggestion?
    Regards,
    Eric

  • Audit specific objects for specific users

    audit statement has the option to choose audit by user list
    audit object has the option to choose audited objects
    Now I need to audit specific objects, i.e. user A's tables accessed by a specific group of users, let's say ALL users other than A.
    Is there a simple way to achieve this goal? (Audit A's tables that are accessed by all database users other than A.)
    Thanks!

    Sorry, the link works now. However, there is nothing new in 10g, same as I read in the 9i document. See my highlight below in the quoted document text; my requirement is the combination of them (specific users and specific objects). Thanks anyway.
    <quote>
    Table 8-1 Auditing Types and Descriptions
    Type of Auditing (link to discussion)
         Meaning/Description
    Statement Auditing
         Enables you to audit SQL statements by type of statement, not by the specific schema objects on which they operate. Typically broad, statement auditing audits the use of several types of related actions for each option. For example, AUDIT TABLE tracks several DDL statements regardless of the table on which they are issued. You can also set statement auditing to audit selected users or every user in the database.
    Privilege Auditing
         Enables you to audit the use of powerful system privileges that enable corresponding actions, such as AUDIT CREATE TABLE. Privilege auditing is more focused than statement auditing, which audits only a particular type of action. You can set privilege auditing to audit a selected user or every user in the database.
    Schema Object Auditing
         Enables you to audit specific statements on a particular schema object, such as AUDIT SELECT ON employees. Schema object auditing is very focused, auditing only a single specified type of statement (such as SELECT) on a specified schema object. Schema object auditing always applies to all users of the database.
    Fine-Grained Auditing
         Enables you to audit at the most granular level, data access and actions based on content, using any Boolean measure, such as value > 1,000,000. Enables auditing based on access to or changes in a column.
    </quote>
