System Audit
Dear All,
I must imagine an standard for system audit, for different SAP systems (4.6, 6.0, etc.)
This audit consist of a reports for: system measurements (system release, database system, etc.), user measurements (number of users an autorizations, expired users, etc.) and business measurements (nr. of materials created, number of order created - purchase order, sales order, production order, etc.).
Firs of all I must to create this standard and after this I must to find the SAP transaction to obtain the results.
Can you give me some documentation about such kind of standard? Or SAP transaction?
Thank you very much for your answers,
Marian
It depends on the scope and goal of your audit. For example: Just the network? Or network and servers and applications? Audit for security or audit for inventory, configuration standards etc.? How big a system (i.e. 5 devices or 5000 devices)? Is there an existing management system and known good archive of all configurations?
Depending on the answers to these, a wide variety of tools at varying costs can be used.
Similar Messages
-
Collecting File System Audit logs with Audit Vault
Can Audit Vault collect multi-platform OS file system audit records and logs as well as network component logs from switchs and routers in addition to DB audit records to satisify ICD 503/NIST/DOD auditing requirements? If not could it be configured to do so?
thanksit only collect data from databases which may be oracle or non-oracle.
Oracle Audit Vault automates the consolidation and monitoring of audit data from Oracle and non-Oracle databases.
http://www.oracle.com/technetwork/products/audit-vault/overview/index.html -
good ady all,
i would really apprecite it if I could get some assistance with regards to the above. we are preparing for a system audit from external auditors.
I would like to know, How to prepare for an SAP audit: What do i need to do to ensure a successful result. what tranaction codes to i need to ru. in other words what transactions will the auditors be running when they get here?
thanks.Oh oh oh... you are in big trouble...
Just joking.
If you have no clue where to start and what you should have / could have been doing already (the auditors will lookmfor this...) then start transaction 'SECR'. It is obsolete, but will point you to the Audit Information System's role menus. You can then follow through them to cover the basic stuff which an auditor will look for as well.
Cheers,
Julius -
Logging SID to Operating System Auditing Trail
Greetings,
In Oracle 10 and 11, is there a way to include the SID in the information that gets logged to the operating system audit trail?
Thanks,
Mylesuser13431282 wrote:
Greetings,
In Oracle 10 and 11, is there a way to include the SID in the information that gets logged to the operating system audit trail?
SID as in ORACLE_SID or V$SESSION.SID? -
System audit trail for FBL5N and Mass Change use
Hello,
My client carried out the foll actions yesterday.
Called TCode FBL5N using a range of customers
When the line items were displayed, they selected some of them and then went into Environment - Mass Change - New Values
Here they input a new value to the Dunning Block field.
Then they saved it and came out.
Later they realized that they should not have made the changes to some of the records. Unfortunately, now they dont remember either the customer range for which they had run FBL5N or the line items which they had changed.
So, the question is: is there any way by studying the audit trail or system history, one can find out which are the documents/line items that were changed yesterday within a specific time frame using TCode FBL5N and then Mass Change?
Please see if you can provide some input.
Regards,
Suvarghya DuttaHello,
It must have been kept to "All"
From future, all your transactions will have security audit log.
If you want to see the system log, then visit SM21.
Regards,
Ravi -
Hi,
I am using Oracle 10.1.0.2.0 on WinXP. I want to start auditing on my database and I have fixed AUDIT_TRAIL=OS, but not not mentioned the AUDIT_FILE_DEST parameter.
As per Oracle Docs ...
If you do not set the AUDIT_FILE_DEST parameter, then Oracle Database places the file in the following default locations:
Linux and Solaris: $ORACLE_BASE/admin/$DB_UNIQUE_NAME/adump
For example:
/opt/oracle/app/oracle/admin/orcl/adump
Windows: %ORACLE_BASE%\admin\%DB_UNIQUE_NAME\adump
For example:
C:\ORACLE\ADMIN\ORCL\ADUMP
But I can not see any ADUMP folder in my %ORACLE_BASE%\admin\%DB_UNIQUE_NAME folder. will it create automatically or I have to create it manually?
RegardsIn Windows audit records are written as events to the Event Viewer log file.
-Amit
http://askoracledba.blogspot.com -
Dear Gurus
What are the areas to be checked at the time of SAP audit for SD module??? Kindly throw some light regarding the same.
SidhuI am not sure about SAP SD Audit , but following info may help :--
01. Complete and correct master data
02. Complete and Correct Transcation data
03.Proper and logical processing
04. User administration and authorisation check
05.Tracking document changes
06.Detailed document analysis
07. Creating and changing GL accounts
08. Check balances , stock etc
09. Check Tax Code / VAT / Keys etc
10. Check Number ranges .
Thanks
Rajesh -
Sir,
How to get the user details who have used a particular tcode within a particular date and time? Is it possible through SM21?
If it is so, it is not comming in my case. Is it locked ? how I check it and what is the proceess to unlock it ?
Please advice.
Thanks in advance.
Pranab
Edited by: Pranab Das on Jul 10, 2009 8:21 AMAs said by Puneeth you can take it for day to day wise.
When you need it for many days then you need to Use Sm19 to confiure for the user Statictis and sm20 to display the same.
Goto Sm19- Dyanamic configuration, chose filter one select what all you need for trace and save and activate the trace. But be carefull in this, trace will start consume spaces in harddisk. You can also deactivate this if you do not want this, its done in Sm19 trancscation itself.
Arun -
Difference between RFC, SYSTEM and AUDIT users?
Hi All,
Can you highlight the main differences between the following users:
RFC
SYSTEM
AUDIT
how do their functions differenciate them ?
Thanks in advance,
DiwakarRFC User
RFC user is basicly used to receive status messages. An RFC user has to be created in all the system clients where messages needs to be recieved. An RFC user can also be used for receiving messages using SMTP plug-in.
The RFC User is an sap user of type System and that's why no person can logon with this user on SAP System.
Following is thr procedure to create RFC User, remember the purpose is to recieve messages including status messages as well.
Creation of RFC User
Go to Tools > Administration > User Maintenance > Users.
Enter a name, for example MAIL_ADMIN.
Select "New"
On the Logon data tab page, select the user type System.
Enter a password.
On the Profiles tab page, enter the authorization profile S_A.SCON. This profile minimizes the risk of misuse, even if the communication system does not store the password is encoded form.
Select "Save"
Both RFC user and a System user are of type System only. Now the difference, depends upon the profile and authorization of the user.
Audit users are of type dialog, and can be used by a person to logon to system. There might be many roles assigned to this user. My understanding is that an Audit User is not a standard sap type user but just a dialog user and can be created with a conventional method of creating any other dialog users with a specific profile and authorizations.
Still to confirm, Can you please tell us, how many types of users does it shown in 4.6c at the time of user creation?
Best Regards,
Amol Bharti -
Tracking oracle database activities in security/system logs of windows server
Can database activity like create or drop tables and packages be tracked in the security/system logs of windows 2003 server for the oracle database 10.2.0.4?
Can purging of oracle log, n case the file has become big or even tempered be tracked in the security/system logs of windows 2003 server for the oracle database 10.2.0.4?
dhomyaHi Dhomya,
I am not familiar with Oracle database, though you may try to enable file system auditing:
Audit object access
https://technet.microsoft.com/en-us/library/cc776774(v=ws.10).aspx
Apply or modify auditing policy settings for an object using Group Policy
https://technet.microsoft.com/en-us/library/cc757864(v=ws.10).aspx
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Command to set modify Advanced Security Settings (Audit Settings for folders) on windows 2008
Hello,
We have requirement to modify Advanced Security Settings (Audit Settings for folders) on windows 2008. I am looking for a command which does this job.
I know, using group policies I can do this; in fact I had done this using group policies. However, I need to do this on number of servers which are not in domain. There are around 15 folders on which I need to enable Auditing; manual editing folder advanced
permissions is a cumbersome job. Hence, I am looking for a command line options.
I need to know how command can be utilised to enable Audit option on a folder. Please share a command which can do this; once I get the command, I will create a batch file for other necessary folders. (BTW, this is not a scripting question, I just need to
know the command hence, please do not re-direct me to scripting forum)
Manually through GUI, I am setting following.. snaps are given below
Thanks !You can try using Auditpol.exe: http://technet.microsoft.com/en-us/library/cc731451%28v=ws.10%29.aspx
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
Thanks but I guess, auditpol ca be used only to manipulate system audit policies. how do I specify a folder and user in auditpol ? I could not find or understand how folder can be included with auditpol command line options.
Thanks ! -
How to create an audit trail report in SAPB12007
Hello,
I been looking for some ways to make an Audit Trail Report for our System Audit. Could anyone help me with this?
I would like to generate a report that will list all the BP and ITem master data. the date its created and modified and if its modified what are the old values and the modified values.
I browse the table ACRD for the BP history. how every it could be read as a report. So I was wondering if anyone knows what table should I look at if I am to get the old and new value of a modified transaction. Pls. note that I wanted to create a report.
Thank you very much
catHere are the queries that I use for my audits internally. The first one is for customer changes. And the second one to control pricing.
Query Name: Business Partner History Log
Author: Vincent Motte
Version: 1.0
History:
/SELECT FROM ACRD T1/
DECLARE @DATE AS DATETIME
/* WHERE */
SET @DATE = /* T1.UpdateDate */ getdate()-30
SELECT
CASE
WHEN (SELECT ISNULL(T10.BankCode,0) FROM ACRD T10 WHERE T10.CardCode=T0.CardCode AND T10.LogInstanc=T0.LogInstanc-1)<>ISNULL(T0.BankCode,0)
Then 'Bank details modified'
WHEN (SELECT ISNULL(T10.DflAccount,0) FROM ACRD T10 WHERE T10.CardCode=T0.CardCode AND T10.LogInstanc=T0.LogInstanc-1)<>ISNULL(T0.DflAccount,0)
Then 'Bank details modified'
WHEN (SELECT ISNULL(T10.DflBranch,0) FROM ACRD T10 WHERE T10.CardCode=T0.CardCode AND T10.LogInstanc=T0.LogInstanc-1)<>ISNULL(T0.DflBranch,0)
Then 'Bank details modified'
WHEN (SELECT COUNT(T10.CardCode) FROM ACRD T10 WHERE T10.CardCode=T0.CardCode and T10.LogInstanc<T0.LogInstanc)<=0
Then 'Creation'
else ''
END 'Alert',
T0.UpdateDate 'Update Date', T1.[U_NAME] 'User',T0.CardCode, T0.CardName
, T0.[CreditLine], T0.[DebtLine],
T0.[Discount], T0.[VatStatus], T0.[LicTradNum], T0.[ListNum] 'Price List', T0.[DflAccount], T0.[DflBranch], T0.[BankCode],
T0.[validFor], T0.[frozenFor], T0.[VatGroup], T0.[Deleted], T0.[PymCode], T0.[BlockDunn],
T0.[WTCode]
FROM ACRD T0 , OUSR T1 WHERE
T1.INTERNAL_K=T0.UserSign AND T0.UpdateDate>=@DATE
Query Name: Price Change log
Description: extracts the price modification for each item in SBO for the past 30 days
Version 1.0
Author: Vincent Motte
History:
Select
--T0.UserSign,
T1.itemcode 'Item Code',
T0.Price [Previous],
T1.Price [Current],
T2.ListName 'Price List',
T0.Factor[Old Factor] ,
T0.factor [New Factor],
/* select the update date for the log instance(determined by the where condition )*/
(Select distinct T3.Updatedate from aitm T3 where T3.itemcode= T0.itemcode and (T3.loginstanc +1)= T0.loginstanc ) 'Update Date',
T0.loginstanc 'Instance',
T2.listName 'Price List',
/Select the base price list for the item's price list from the price list table/
(Select T4.base_num from opln T4 where T4.listnum = T1.pricelist and T4.listnum = T0.pricelist) [Base PriceList ]
--t0.Currency,
--T1.CURRENCY
From
ait1 T0 inner join
itm1 T1 on T0.pricelist = T1.pricelist and T0.itemcode = T1.itemcode
Inner Join opln T2 on T1.pricelist = T2.listnum
where
/* Condition 1: Select all the items + their price change where the price has been changed and the base price list equals the price list itself. It counts the Log Instance from the item in
the price list and substract one to get the last entry where the price was changed. The loginstance coutn ignores a count of 1
T0.loginstanc =
((Select count (a.Loginstanc) from ait1 a where a.itemcode = T0.itemcode and a.pricelist = T0.pricelist group by a.itemcode having count(a.Loginstanc) > '1' ) -1)
and
/* Cater for prices in target price lists which may have been manually changed. */
(T1.ovrwritten='y'and T0.Price <> T1.Price)
or (T0.Price <> T1.Price and T2.base_num = T1.pricelist and T2.base_num = T1.pricelist
and T2.base_Num = T2.listnum )
Cater for cases where a currency change but not a price change may happen
OR T0.CURRENCY <> T1.CURRENCY
or
Condition 2: Select all price changes where the price may have changed due to the price of the parent price lsit changing.
As this type of price chnage is not recorded in the AIT1 the second log instance condition details that the base price list
from opln does not equal the actual price list in ait1 or itm1.
T0.loginstanc =
(Select top 1 c.loginstanc from ait1 c where c.itemcode = T0.itemcode and c.pricelist = T0.pricelist and c.loginstanc <> '1' order by c.loginstanc desc)
and T2.base_num <> T1.pricelist and T2.base_num <> T1.pricelist
and T2.base_Num <> T2.listnum
and
caters for a change in the factors or prices in target price lists which may have been manually changed.
((T0.Factor <> T1.factor)
or (T1.ovrwritten='y'and T0.Price <> T1.Price)
or T0.price <> T1.price
Cater for cases where a currency change but not a price change may happen
OR T0.CURRENCY <> T1.CURRENCY
and (T0.Price >= 0 or T1.Price >=0) and ((T0.Price <> T1.Price) or ((T0.Price <>
(Select distinct b.pricelist from itm1 b right outer join OPLN T4 on b.pricelist= T4.listnum and b.pricelist <> T4.base_Num where b.pricelist = T1.pricelist and b.itemcode =T1.itemcode)))
and (Select distinct T3.Updatedate from aitm T3 where T3.itemcode= T0.itemcode and (T3.loginstanc +1)= T0.loginstanc ) >getdate()-30 -
Auditing in oracle 10g database and oracle 10g application server
Dear friends,
We have oracle 10g application server and oracle 10g database server in place.My criteria is to audit users connected using oracle application user credentials to the database.
Can you please tell me how can i do it.
Thanks & regards,Its the database connection you want to track. The session audit will show where it came from.
Auditing is turned using this command:
alter system set audit_trail = DB scope=spfile;
Note: The use of spfile will require a DB bounce before audit starts
To audit Sessions:
audit create session;
Query by Audit Type:
SELECT A.USERNAME,
OS_USERNAME,
A.TIMESTAMP,
A.RETURNCODE,
TERMINAL,
USERHOST
FROM DBA_AUDIT_SESSION A
WHERE USERHOST = <replace with iAS servername> ;
By User
SELECT USERNAME,OBJ_NAME,ACTION_NAME , TIMESTAMP
FROM DBA_AUDIT_TRAIL WHERE USERNAME = 'SCOTT';
Check for users sharing database accounts
select count(distinct(terminal)),username
from dba_audit_session
having count(distinct(terminal))>1
group by username;
Attempts to access the database at unusual hours
SELECT username, terminal, action_name, returncode,
TO_CHAR (TIMESTAMP, 'DD-MON-YYYY HH24:MI:SS'),
TO_CHAR (logoff_time, 'DD-MON-YYYY HH24:MI:SS')
FROM dba_audit_session
WHERE TO_DATE (TO_CHAR (TIMESTAMP, 'HH24:MI:SS'), 'HH24:MI:SS') <
TO_DATE ('08:00:00', 'HH24:MI:SS')
OR TO_DATE (TO_CHAR (TIMESTAMP, 'HH24:MI:SS'), 'HH24:MI:SS') >
TO_DATE ('19:30:00', 'HH24:MI:SS');
Attempts to access the database with non-existent users
SELECT username, terminal, TO_CHAR (TIMESTAMP, 'DD-MON-YYYY HH24:MI:SS')
FROM dba_audit_session
WHERE returncode <> 0
AND NOT EXISTS (SELECT 'x'
FROM dba_users
WHERE dba_users.username = dba_audit_session.username);
Other audits you might consider:
audit grant any object privilege;
audit alter user;
audit create user;
audit drop user;
audit drop tablespace;
audit grant any role;
audit grant any privilege;
audit alter system;
audit alter session;
audit delete on AUD$ by access;
audit insert on AUD$ by access;
audit update on AUD$ by access;
audit delete table;
audit create tablespace;
audit alter database;
audit create role;
audit create table;
audit alter any procedure;
audit create view;
audit drop any procedure;
audit drop profile;
audit alter profile;
audit alter any table;
audit create public database link;
Best Regards
mseberg -
I see lots of auditing records getting generated with action# 85, i looked up, it is truncate table.
how can i turn it off?
the following are the current auditing option from this database. which one is generating this action# 85.
====
AUDIT ADMINISTER ANY SQL TUNING SET BY ACCESS ;
AUDIT ADMINISTER DATABASE TRIGGER BY ACCESS ;
AUDIT ADMINISTER SQL MANAGEMENT OBJECT BY ACCESS ;
AUDIT ADMINISTER SQL TUNING SET BY ACCESS ;
AUDIT ADVISOR BY ACCESS ;
AUDIT ALTER ANY ASSEMBLY BY ACCESS ;
AUDIT ALTER ANY CLUSTER BY ACCESS ;
AUDIT ALTER ANY CUBE BY ACCESS ;
AUDIT ALTER ANY CUBE DIMENSION BY ACCESS ;
AUDIT ALTER ANY DIMENSION BY ACCESS ;
AUDIT ALTER ANY EDITION BY ACCESS ;
AUDIT ALTER ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT ALTER ANY INDEX BY ACCESS ;
AUDIT ALTER ANY INDEXTYPE BY ACCESS ;
AUDIT ALTER ANY LIBRARY BY ACCESS ;
AUDIT ALTER ANY MATERIALIZED VIEW BY ACCESS ;
AUDIT ALTER ANY MINING MODEL BY ACCESS ;
AUDIT ALTER ANY OPERATOR BY ACCESS ;
AUDIT ALTER ANY OUTLINE BY ACCESS ;
AUDIT ALTER ANY PROCEDURE BY ACCESS ;
AUDIT ALTER ANY ROLE BY ACCESS ;
AUDIT ALTER ANY RULE BY ACCESS ;
AUDIT ALTER ANY RULE SET BY ACCESS ;
AUDIT ALTER ANY SEQUENCE BY ACCESS ;
AUDIT ALTER ANY SQL PROFILE BY ACCESS ;
AUDIT ALTER ANY TABLE BY ACCESS ;
AUDIT ALTER ANY TRIGGER BY ACCESS ;
AUDIT ALTER ANY TYPE BY ACCESS ;
AUDIT ALTER DATABASE BY ACCESS ;
AUDIT ALTER DATABASE LINK BY ACCESS ;
AUDIT ALTER JAVA CLASS BY ACCESS ;
AUDIT ALTER JAVA RESOURCE BY ACCESS ;
AUDIT ALTER JAVA SOURCE BY ACCESS ;
AUDIT ALTER MINING MODEL BY ACCESS ;
AUDIT ALTER PROFILE BY ACCESS ;
AUDIT ALTER PUBLIC DATABASE LINK BY ACCESS ;
AUDIT ALTER RESOURCE COST BY ACCESS ;
AUDIT ALTER ROLLBACK SEGMENT BY ACCESS ;
AUDIT ALTER SEQUENCE BY ACCESS ;
AUDIT ALTER SESSION BY ACCESS ;
AUDIT ALTER SYSTEM BY ACCESS ;
AUDIT ALTER TABLE BY ACCESS ;
AUDIT ALTER TABLESPACE BY ACCESS ;
AUDIT ALTER USER BY ACCESS ;
AUDIT ANALYZE ANY BY ACCESS ;
AUDIT AUDIT ANY BY ACCESS ;
AUDIT AUDIT SYSTEM BY ACCESS ;
AUDIT BACKUP ANY TABLE BY ACCESS ;
AUDIT BECOME USER BY ACCESS ;
AUDIT CHANGE NOTIFICATION BY ACCESS ;
AUDIT CLUSTER BY ACCESS ;
AUDIT COMMENT ANY MINING MODEL BY ACCESS ;
AUDIT COMMENT ANY TABLE BY ACCESS ;
AUDIT COMMENT EDITION BY ACCESS ;
AUDIT COMMENT MINING MODEL BY ACCESS ;
AUDIT COMMENT TABLE BY ACCESS ;
AUDIT CONTEXT BY ACCESS ;
AUDIT CREATE ANY ASSEMBLY BY ACCESS ;
AUDIT CREATE ANY CLUSTER BY ACCESS ;
AUDIT CREATE ANY CONTEXT BY ACCESS ;
AUDIT CREATE ANY CUBE BY ACCESS ;
AUDIT CREATE ANY CUBE BUILD PROCESS BY ACCESS ;
AUDIT CREATE ANY CUBE DIMENSION BY ACCESS ;
AUDIT CREATE ANY DIMENSION BY ACCESS ;
AUDIT CREATE ANY DIRECTORY BY ACCESS ;
AUDIT CREATE ANY EDITION BY ACCESS ;
AUDIT CREATE ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT CREATE ANY INDEX BY ACCESS ;
AUDIT CREATE ANY INDEXTYPE BY ACCESS ;
AUDIT CREATE ANY JOB BY ACCESS ;
AUDIT CREATE ANY LIBRARY BY ACCESS ;
AUDIT CREATE ANY MATERIALIZED VIEW BY ACCESS ;
AUDIT CREATE ANY MEASURE FOLDER BY ACCESS ;
AUDIT CREATE ANY MINING MODEL BY ACCESS ;
AUDIT CREATE ANY OPERATOR BY ACCESS ;
AUDIT CREATE ANY OUTLINE BY ACCESS ;
AUDIT CREATE ANY PROCEDURE BY ACCESS ;
AUDIT CREATE ANY RULE BY ACCESS ;
AUDIT CREATE ANY RULE SET BY ACCESS ;
AUDIT CREATE ANY SEQUENCE BY ACCESS ;
AUDIT CREATE ANY SQL PROFILE BY ACCESS ;
AUDIT CREATE ANY SYNONYM BY ACCESS ;
AUDIT CREATE ANY TABLE BY ACCESS ;
AUDIT CREATE ANY TRIGGER BY ACCESS ;
AUDIT CREATE ANY TYPE BY ACCESS ;
AUDIT CREATE ANY VIEW BY ACCESS ;
AUDIT CREATE ASSEMBLY BY ACCESS ;
AUDIT CREATE CLUSTER BY ACCESS ;
AUDIT CREATE CUBE BY ACCESS ;
AUDIT CREATE CUBE BUILD PROCESS BY ACCESS ;
AUDIT CREATE CUBE DIMENSION BY ACCESS ;
AUDIT CREATE DATABASE LINK BY ACCESS ;
AUDIT CREATE DIMENSION BY ACCESS ;
AUDIT CREATE EVALUATION CONTEXT BY ACCESS ;
AUDIT CREATE EXTERNAL JOB BY ACCESS ;
AUDIT CREATE INDEXTYPE BY ACCESS ;
AUDIT CREATE JAVA CLASS BY ACCESS ;
AUDIT CREATE JAVA RESOURCE BY ACCESS ;
AUDIT CREATE JAVA SOURCE BY ACCESS ;
AUDIT CREATE JOB BY ACCESS ;
AUDIT CREATE LIBRARY BY ACCESS ;
AUDIT CREATE MATERIALIZED VIEW BY ACCESS ;
AUDIT CREATE MEASURE FOLDER BY ACCESS ;
AUDIT CREATE MINING MODEL BY ACCESS ;
AUDIT CREATE OPERATOR BY ACCESS ;
AUDIT CREATE PROCEDURE BY ACCESS ;
AUDIT CREATE PROFILE BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK BY ACCESS ;
AUDIT CREATE PUBLIC SYNONYM BY ACCESS ;
AUDIT CREATE ROLE BY ACCESS ;
AUDIT CREATE ROLLBACK SEGMENT BY ACCESS ;
AUDIT CREATE RULE BY ACCESS ;
AUDIT CREATE RULE SET BY ACCESS ;
AUDIT CREATE SEQUENCE BY ACCESS ;
AUDIT CREATE SESSION BY ACCESS ;
AUDIT CREATE SYNONYM BY ACCESS ;
AUDIT CREATE TABLE BY ACCESS ;
AUDIT CREATE TABLESPACE BY ACCESS ;
AUDIT CREATE TRIGGER BY ACCESS ;
AUDIT CREATE TYPE BY ACCESS ;
AUDIT CREATE USER BY ACCESS ;
AUDIT CREATE VIEW BY ACCESS ;
AUDIT DATABASE LINK BY ACCESS ;
AUDIT DEBUG ANY PROCEDURE BY ACCESS ;
AUDIT DEBUG CONNECT SESSION BY ACCESS ;
AUDIT DEBUG PROCEDURE BY ACCESS ;
AUDIT DELETE ANY CUBE DIMENSION BY ACCESS ;
AUDIT DELETE ANY MEASURE FOLDER BY ACCESS ;
AUDIT DELETE ANY TABLE BY ACCESS ;
AUDIT DEQUEUE ANY QUEUE BY ACCESS ;
AUDIT DIMENSION BY ACCESS ;
AUDIT DIRECTORY BY ACCESS ;
AUDIT DROP ANY ASSEMBLY BY ACCESS ;
AUDIT DROP ANY CLUSTER BY ACCESS ;
AUDIT DROP ANY CONTEXT BY ACCESS ;
AUDIT DROP ANY CUBE BY ACCESS ;
AUDIT DROP ANY CUBE BUILD PROCESS BY ACCESS ;
AUDIT DROP ANY CUBE DIMENSION BY ACCESS ;
AUDIT DROP ANY DIMENSION BY ACCESS ;
AUDIT DROP ANY DIRECTORY BY ACCESS ;
AUDIT DROP ANY EDITION BY ACCESS ;
AUDIT DROP ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT DROP ANY INDEX BY ACCESS ;
AUDIT DROP ANY INDEXTYPE BY ACCESS ;
AUDIT DROP ANY LIBRARY BY ACCESS ;
AUDIT DROP ANY MATERIALIZED VIEW BY ACCESS ;
AUDIT DROP ANY MEASURE FOLDER BY ACCESS ;
AUDIT DROP ANY MINING MODEL BY ACCESS ;
AUDIT DROP ANY OPERATOR BY ACCESS ;
AUDIT DROP ANY OUTLINE BY ACCESS ;
AUDIT DROP ANY PROCEDURE BY ACCESS ;
AUDIT DROP ANY ROLE BY ACCESS ;
AUDIT DROP ANY RULE BY ACCESS ;
AUDIT DROP ANY RULE SET BY ACCESS ;
AUDIT DROP ANY SEQUENCE BY ACCESS ;
AUDIT DROP ANY SQL PROFILE BY ACCESS ;
AUDIT DROP ANY SYNONYM BY ACCESS ;
AUDIT DROP ANY TABLE BY ACCESS ;
AUDIT DROP ANY TRIGGER BY ACCESS ;
AUDIT DROP ANY TYPE BY ACCESS ;
AUDIT DROP ANY VIEW BY ACCESS ;
AUDIT DROP JAVA CLASS BY ACCESS ;
AUDIT DROP JAVA RESOURCE BY ACCESS ;
AUDIT DROP JAVA SOURCE BY ACCESS ;
AUDIT DROP PROFILE BY ACCESS ;
AUDIT DROP PUBLIC DATABASE LINK BY ACCESS ;
AUDIT DROP PUBLIC SYNONYM BY ACCESS ;
AUDIT DROP ROLLBACK SEGMENT BY ACCESS ;
AUDIT DROP TABLESPACE BY ACCESS ;
AUDIT DROP USER BY ACCESS ;
AUDIT ENQUEUE ANY QUEUE BY ACCESS ;
AUDIT EXECUTE ANY ASSEMBLY BY ACCESS ;
AUDIT EXECUTE ANY CLASS BY ACCESS ;
AUDIT EXECUTE ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT EXECUTE ANY INDEXTYPE BY ACCESS ;
AUDIT EXECUTE ANY LIBRARY BY ACCESS ;
AUDIT EXECUTE ANY OPERATOR BY ACCESS ;
AUDIT EXECUTE ANY PROCEDURE BY ACCESS ;
AUDIT EXECUTE ANY PROGRAM BY ACCESS ;
AUDIT EXECUTE ANY RULE BY ACCESS ;
AUDIT EXECUTE ANY RULE SET BY ACCESS ;
AUDIT EXECUTE ANY TYPE BY ACCESS ;
AUDIT EXECUTE ASSEMBLY BY SESSION ;
AUDIT EXEMPT ACCESS POLICY BY ACCESS ;
AUDIT EXEMPT IDENTITY POLICY BY ACCESS ;
AUDIT EXPORT FULL DATABASE BY ACCESS ;
AUDIT FLASHBACK ANY TABLE BY ACCESS ;
AUDIT FLASHBACK ARCHIVE ADMINISTER BY ACCESS ;
AUDIT FORCE ANY TRANSACTION BY ACCESS ;
AUDIT FORCE TRANSACTION BY ACCESS ;
AUDIT GLOBAL QUERY REWRITE BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS ;
AUDIT GRANT ANY PRIVILEGE BY ACCESS ;
AUDIT GRANT ANY ROLE BY ACCESS ;
AUDIT GRANT DIRECTORY BY ACCESS ;
AUDIT GRANT EDITION BY ACCESS ;
AUDIT GRANT MINING MODEL BY ACCESS ;
AUDIT GRANT PROCEDURE BY ACCESS ;
AUDIT GRANT SEQUENCE BY ACCESS ;
AUDIT GRANT TABLE BY ACCESS ;
AUDIT GRANT TYPE BY ACCESS ;
AUDIT IMPORT FULL DATABASE BY ACCESS ;
AUDIT INDEX BY ACCESS ;
AUDIT INSERT ANY CUBE DIMENSION BY ACCESS ;
AUDIT INSERT ANY MEASURE FOLDER BY ACCESS ;
AUDIT INSERT ANY TABLE BY ACCESS ;
AUDIT LOCK ANY TABLE BY ACCESS ;
AUDIT MANAGE ANY FILE GROUP BY ACCESS ;
AUDIT MANAGE ANY QUEUE BY ACCESS ;
AUDIT MANAGE FILE GROUP BY ACCESS ;
AUDIT MANAGE SCHEDULER BY ACCESS ;
AUDIT MANAGE TABLESPACE BY ACCESS ;
AUDIT MATERIALIZED VIEW BY ACCESS ;
AUDIT MERGE ANY VIEW BY ACCESS ;
AUDIT MINING MODEL BY ACCESS ;
AUDIT NOT EXISTS BY ACCESS ;
AUDIT ON COMMIT REFRESH BY ACCESS ;
AUDIT PROCEDURE BY ACCESS ;
AUDIT PROFILE BY ACCESS ;
AUDIT PUBLIC DATABASE LINK BY ACCESS ;
AUDIT PUBLIC SYNONYM BY ACCESS ;
AUDIT QUERY REWRITE BY ACCESS ;
AUDIT READ ANY FILE GROUP BY ACCESS ;
AUDIT RESTRICTED SESSION BY ACCESS ;
AUDIT RESUMABLE BY ACCESS ;
AUDIT ROLE BY ACCESS ;
AUDIT ROLLBACK SEGMENT BY ACCESS ;
AUDIT SELECT ANY CUBE BY ACCESS ;
AUDIT SELECT ANY CUBE DIMENSION BY ACCESS ;
AUDIT SELECT ANY MINING MODEL BY ACCESS ;
AUDIT SELECT ANY SEQUENCE BY ACCESS ;
AUDIT SELECT ANY TABLE BY ACCESS ;
AUDIT SELECT ANY TRANSACTION BY ACCESS ;
AUDIT SEQUENCE BY ACCESS ;
AUDIT SYNONYM BY ACCESS ;
AUDIT SYSDBA BY ACCESS ;
AUDIT SYSOPER BY ACCESS ;
AUDIT SYSTEM AUDIT BY ACCESS ;
AUDIT SYSTEM GRANT BY ACCESS ;
AUDIT TABLESPACE BY ACCESS ;
AUDIT TRIGGER BY ACCESS ;
AUDIT TYPE BY ACCESS ;
AUDIT UNDER ANY TABLE BY ACCESS ;
AUDIT UNDER ANY TYPE BY ACCESS ;
AUDIT UNDER ANY VIEW BY ACCESS ;
AUDIT UNLIMITED TABLESPACE BY ACCESS ;
AUDIT UPDATE ANY CUBE BY ACCESS ;
AUDIT UPDATE ANY CUBE BUILD PROCESS BY ACCESS ;
AUDIT UPDATE ANY CUBE DIMENSION BY ACCESS ;
AUDIT UPDATE ANY TABLE BY ACCESS ;
AUDIT USER BY ACCESS ;
AUDIT VIEW BY ACCESS ;
============I have tested on my DEVELOPMENT DB again. It is working fine. It requires to reconnect after turn off the DROP ANY TABLE. Have you done that? Send me output of test you performed.
You can test using following script.
connect as USER2 & execute following statements.
audit drop any table;
create table user1.test(
col1 number,
col2 number);
select os_username, username, action_name, priv_used
from dba_audit_trail a
where action = 85
and obj_name = 'TEST';
truncate table user1.test;
select os_username, username, action_name, priv_used
from dba_audit_trail a
where action = 85
and obj_name = 'TEST';
noaudit drop any table;
reconnect here as USER2
truncate table user1.test;
select os_username, username, action_name, priv_used
from dba_audit_trail a
where action = 85
and obj_name = 'TEST'; -
Hi experts
SAP was implemented 2 years back we have had done a comprehensive audit of financials at the end of last fiscal year which includes Accounts Receivables/Payables, banking, Inventory and Asset Accounting in contrast to the Standard Operating Procedures of our company...
This year we want to extend our scope to the comprehensive Information System Audit...but unfortunately we all are Chartered Accounts/Management Accountants...with no IT Background...though we do understand SAP but not at basis/abap level...
So what I am requesting is please help me how to do it...are there any simple ways of understanding the AIS in SAP, documents, threads any thing...which will sort out this problem for us...A step by step procedures of doing this thing...
Desperately waiting for your help in this regard
Regards
Salar...Is there no one to answer my question...
Maybe you are looking for
-
SD card won't import into Aperture, auto-ejects when trying to load preview
Tonight, after installing Leopard, I tried to import photos from an SD card through my SanDisk reader, just as I always have, and as soon as Aperture tries to display previews of what's on the card it causes the card/reader to auto-eject, and I get t
-
Hi, I have been trying for push Notification Services in Windows 8 Store Apps. I am requesting For notification channel in the following manner publicasyncvoidregisterChannelForNotification( try TileUpdateManager.CreateTileUpdaterForApplication().Cle
-
How can I load a previously purchased app to my new iphone?
I have some apps on my iPad, I would like them to be available on my new iPhone. Do I need to buy again, or is her a way of downloading them free or syncing somehow?
-
Keeping plot area, legend and legend within same area
I have two xy graphs, arranged one below another. Both have legends and multiple yscales (depending on user selection using popup menu). Yscales are shown programmatically and so is legend text (which varies in length). Legend is on right of plots. W
-
Intel-iMac Keyboard not working...
So I've had my Intel-iMac for a year and some change now and have had no problems until today when my keyboard stoped working. I have tried plugging into different usb ports but nothing. Each time I plug into a usb port the caps lock light does flash