Here are some options: 1) Hire double the number of DBAs, so one can watch what the other one is up to. Each only knows 1/2 of each system password, with copies locked up and sealed in a safe. Enjoy watching them squirm at the thought of that expense. :) 2) Use existing financial reports to catch issues. Saved Hard-copies of appropriate transaction summary reports would make post-facto changes to the database very easy to catch. The transaction totals by account by time-period wouldn't match. Of course, that's work for business staffers, not techies. Not unbreakable, but makes it harder to pull off. 3) A stand-alone PC that the sys-admins don't have access rights to, which is properly secured from unauthorized physical access, could also store check-sums for a more automated verification that things are as they should be. Again, not unbreakable, but harder to pull off. 4) Get over it. That's life in the big city. Hire *quality* people and pay them appropriately. Remind them that CEOs and CFOs have been stealing the money recently, not DBAs. :) > >How do you respond to Managements that are "very concerned" >after Auditors >(the SarbOx type) >tell them "the DBA has unrestricted privilege on all data in >the database". > -- //www.freelists.org/webpage/oracle-l