Working with Oracle Fine Grained Auditing

PeopleTools supports the use of Oracle Fine Grained Auditing. Oracle Fine Grained Auditing (FGA) enables you to create policies that define specific conditions that must be met in order for an audit to occur. It provides granular auditing of queries, and INSERT, UPDATE, and DELETE operations.

Using FGA creates more meaningful and focused audit trails. Rather than recording each and every access or update of a table, FGA allows you to set parameters for audits to make them more efficient. For example, you might decide to audit only under these circumstances:

  • Tables accessed between 6 p.m. and 6 a.m. or only on Saturday and Sunday.

  • An IP address from outside the corporate network is used.

  • A specific column has been selected or updated, perhaps with a specific value.

Note: Any policies created using FGA will be preserved after upgrading your PeopleSoft application. During an upgrade, PeopleTools will store your FGA policies and then reapply them to the newly upgraded tables. Use the Oracle FGA documentation to implement FGA on your PeopleSoft implementation.

Important! FGA policies are preserved only during upgrade. If you alter a table using Application Designer, and that table has FGA policies defined for it, you will need to reapply those policies manually.

To enable the preservation of your FGA policies during upgrades, PeopleTools provides the following scripts in PS_HOME\scripts.

Script

Description

preupgfgareport.sql

Generates a report showing the current (pre-upgrade) FGA policies.

preupgfgaprocess.sql

Stores the current FGA policy in a temporary table, and creates these scripts:

  • PSCREATEFGA.SQL: recreates the existing FGA policies.

  • PSDISABLEFGA.SQL: disables the FGA policies (for improved performance during the upgrade only).

postupgreport.sql

Generates these reports:

  • Report showing tables untouched during the upgrade with regard to FGA.

  • Report showing FGA columns dropped during upgrade.

postupgfgavalidation.sql

Generates a report showing the differences between the pre and post-upgrade FGA policies, and drops the temporary table storing the FGA policies.

See also:

  • Oracle® Database Security Guide 11g Release 1 (11.1): "Verifying Security Access with Auditing," Auditing Specific Activities with Fine-Grained Auditing.

  • Your PeopleTools and PeopleSoft application upgrade documentation.