SOX Compliance and Segregation of Duties

• From: "Parvez Bashir" <pbashir@xxxxxxxxxxx>
• To: oracle-l@xxxxxxxxxxxxx
• Date: Sat, 01 Apr 2006 14:52:32 -0500

Folks,

We are currently using the following "watch the DBA" approach for SOX.

1) Lock SYS/SYSTEM except for upgrades/one-off patches/patch sets
2) Each DBA logins in "AS SYSDBA". We have turned on SYS_AUDIT_OPERATIONS
3) We are auditing all DDL including "AUDIT all on sys.aud$ by access"

Here is the problem with this approach:

1) Logins for db user " X AS SYSDBA" create the AUD$ audit record for SYS (not X). Is there any way to work around this problem?
2) The OS audit files are created with "oracle" OS account privileges and can be removed by the "oracle" account. Is this possible to send the information to non-Oracle logs? There is some mention in metalink that this is possible for certain operating systems but it is not clear which ones.

Also, is there any white paper for "Oracle DBA SOX Compliance"?

Regards,
Parvez

--
//www.freelists.org/webpage/oracle-l

Other related posts:

• » SOX Compliance and Segregation of Duties
• » RE: SOX Compliance and Segregation of Duties
• » Re: SOX Compliance and Segregation of Duties
• » Re: SOX Compliance and Segregation of Duties

1. Home
2. oracle-l
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---