|
You could just have them use Operations Navigator or a tool like DB Visualizer with an exit set up for SQL to log all statements. You can buy exit programs or write your own. Be aware that with the security officer, where there is a will there is a way. You can help mitigate that by auditing all of your production objects and reviewing their activity. David Morris >>> cbower@xxxxxxxxxxxx 11/23/2004 7:20:56 AM >>> Group: We are attempting to wrestle with a final Sarbanes Oxley issue relating to SQL, specifically using STRSQL via the command line. While STRSQL is restricted to those who have a business need to use it, our problem relates to the potential for data manipulation and changes that are not logged. Our development staff can use it (but not update production data) but our security officers can of course use it, AND update production data. It is NOT practical for us to journal all of our production data libraries. While I do have STRSQL command usage logged via the OS/400 audit journal, (we know who uses it and when) it does not provide the log of activity within the STRSQL session. Are there any tools on the market that can log the activity within the STRSQL session? Any feedback you can provide would be GREATLY appreciated! Chuck Bower VP of IS Coachmen Technology Services, Inc.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.