You could just have them use Operations Navigator or a tool like DB
Visualizer with an exit set up for SQL to log all statements. You can
buy exit programs or write your own. Be aware that with the security
officer, where there is a will there is a way. You can help mitigate
that by auditing all of your production objects and reviewing their
activity.

David Morris

>>> cbower@xxxxxxxxxxxx 11/23/2004 7:20:56 AM >>>
Group:
 
We are attempting to wrestle with a final Sarbanes Oxley issue relating
to SQL, specifically using STRSQL via the command line.  While STRSQL is
restricted to those who have a business need to use it, our problem
relates to the potential for data manipulation and changes that are not
logged.  Our development staff can use it (but not update production
data) but our security officers can of course use it, AND update
production data.  It is NOT practical for us to journal all of our
production data libraries.  While I do have STRSQL command usage logged
via the OS/400 audit journal, (we know who uses it and when) it does not
provide the log of activity within the STRSQL session.
 
Are there any tools on the market that can log the activity within the
STRSQL session?   Any feedback you can provide would be GREATLY
appreciated!
 
Chuck Bower
VP of IS
Coachmen Technology Services, Inc.


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.