Auditing Adabas DBA activities in Open Systems

Hi ,
There is only one privileged user which is SAG having authority to execute certain adabas utilities which modify,add or delete existing files and database information.It is Sun Solaris and ADAv514
Due to COBIT and SOX requirements, usage of privileged commands in the database needs to be audited for appropriateness to the policies.These commands can be the creation of file,dropping of a field ,deletion or refreshing of a file etc.These commands can be executed by user SAG only,so the activities of user SAG should be audited only.
It seems that ADAPLP is the only tool for this purpose in open system.However,getting data for a specific user has some limitations according to manual
"USER_ID = string
This option displays only the records which start with the specified user ID.
Only records of the type BT, C1, C5, CL, DA, DV, ET, FCBDS, FCBIX, INDEX and XA are displayed. "
They obviously need report for CF,CT,DC,DT etc.
Is there any other way of getting user specific activities from PLOG ?
What is your experience at this area ?
kind regards
Engin

I would think you would be more concerned over utility activities such as would be logged in the checkpoint file. An ADAREP REPORT CPEXLIST filed away each week should suffice I would think then.

Just my opinion, and no two SOX auditors interpret the law the same way.

Regds,

Brian

I would think you would be more concerned over utility activities such as would be logged in the checkpoint file. An ADAREP REPORT CPEXLIST filed away each week should suffice I would think then.

Just my opinion, and no two SOX auditors interpret the law the same way.

Regds,

Brian

I would think you would be more concerned over utility activities such as would be logged in the checkpoint file. An ADAREP REPORT CPEXLIST filed away each week should suffice I would think then.

Just my opinion, and no two SOX auditors interpret the law the same way.

Regds,

Brian

Hi Brian,
Thanks a lot .It is good idea to use adarep checkpoints also…
I will evaluate it.
By the way, you are right ; no two SOX auditors interpret the procedures the same way, plus internal and external auditors have totally different opinions :slight_smile:
kind regards
Engin