Hitachi

Hitachi Advanced Database Setup and Operation Guide


12.2.5 Creating auditors

An HADB user with the DBA privilege can create an auditor (an HADB user with the audit privilege). The procedure for creating auditors is as follows:

Example:

The following auditors will be created:

  • An HADB user with the audit admin privilege (authorization identifier ADBAUDITADMIN)

  • An HADB user with the audit viewer privilege (authorization identifier ADBAUDITOR)

Procedure:

  1. Add the HADB users.

    CREATE USER "ADBAUDITADMIN" IDENTIFIED BY '#HelloHADB_AUD01'
    CREATE USER "ADBAUDITOR" IDENTIFIED BY '#HelloHADB_AUD02'

    HADB users are added with the authorization identifiers ADBAUDITADMIN and ADBAUDITOR.

  2. Grant the CONNECT privilege and the appropriate audit privilege to the HADB users you created.

    GRANT CONNECT,AUDIT ADMIN TO "ADBAUDITADMIN"
    GRANT CONNECT,AUDIT VIEWER TO "ADBAUDITOR"

    These statements grant the CONNECT privilege and the audit admin privilege to the user ADBAUDITADMIN, and the CONNECT privilege and the audit viewer privilege to the user ADBAUDITOR.

This completes the process of creating the auditors.

Important
  • The audit trail facility administrator and the person responsible for auditing must immediately change the passwords of their accounts from the defaults (#HelloHADB_AUD01 and #HelloHADB_AUD02). For details about how to change passwords, see 11.6.2 Changing an HADB user's password.

    A database administrator who creates an auditor will know the password of that auditor. If the password is not changed from the default, the database administrator could potentially use the account of the auditor to alter the outcome of the audit.

  • To enable the audit trail facility, there must be at least one HADB user who has the audit admin privilege.

To make an existing HADB user an auditor, perform only step 2 of the preceding procedure. Note that you cannot grant the audit admin privilege to an HADB user who has the DBA privilege.