
Audit Masks

Audit masks specify those events that the database server should audit. You can include any event in a mask. The masks are associated with user IDs, so that specified actions that a user ID takes are recorded. Global masks _default, _require, and _exclude are specified for all users in the system.

Before you use auditing, you need to specify which events to audit. To specify audited events, add the events to the masks. You also need to perform other tasks, which Audit Administration describes.

The database server does not provide auditing for objects or processes. For example, you cannot ask the database server to audit all access attempts on a certain object. You can, however, filter audit records from the audit trail based on objects with the audit-analysis tools, which Audit Analysis describes.

Figure 1 represents a set of audit masks. The actual masks and their features are explained in Audit Masks and Audit Instructions.

Figure 1. Audit Masks After Installation

After installation is complete, you can create the audit masks and turn on auditing.

Important:
If auditing is off, the database server does not audit any events, even if events are specified in the masks.

In addition to the three masks that Figure 1 shows, you can specify user masks for individual users. User masks enable you to audit some users more than others and target different types of activities for different users. Except for the audit administrator who maintains the masks, a user cannot tell which events are being audited. For a description of user masks, see User Masks.

You can also create template masks to create new user masks. For a description of template masks, see Template Masks.

Masks and their events are called auditing instructions, as Figure 2 shows. You have significant flexibility regarding the auditable facets of Dynamic Server. You can select anything from minimal audit instructions, in which no events are audited, to maximal audit instructions, in which all security-relevant database server events are audited for all users.

Figure 2. The Auditing Instructions

After you define the auditing instructions and turn on auditing, you can modify one or more audit masks as needs change and you identify potential security threats. For information on how to change audit masks, see Audit Administration.
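
The interaction of the global masks, user masks, and the auditing on/off switch can be modeled to check for coverage gaps before relying on the audit trail. This is an added example, not Informix code or part of the original documentation: the event names are constructed placeholders, and the precedence it uses (a user mask replaces _default, _exclude removes events, _require events are always audited) is an assumption, because this page does not spell out how the masks combine.

```python
# Added example: simplified model of audit-mask resolution (not Informix code).
# Assumed precedence: a user mask replaces _default; _exclude removes events;
# _require events are always audited, even when also listed in _exclude.

def effective_events(user, masks, auditing_on=True):
    """Return the set of events that would be audited for `user`."""
    if not auditing_on:
        # While auditing is off, nothing is audited regardless of the masks.
        return set()
    base = masks.get(user, masks.get("_default", set()))
    excluded = masks.get("_exclude", set())
    required = masks.get("_require", set())
    return (set(base) - set(excluded)) | set(required)


def coverage_gaps(users, masks, must_audit, auditing_on=True):
    """Map each user to the must-audit events that their masks would miss."""
    gaps = {}
    for user in users:
        missing = set(must_audit) - effective_events(user, masks, auditing_on)
        if missing:
            gaps[user] = sorted(missing)
    return gaps


# Constructed sample masks; event names are placeholders, not real mnemonics.
SAMPLE_MASKS = {
    "_default": {"CREATE_TABLE", "DROP_TABLE"},
    "_require": {"GRANT_DB_ACCESS"},
    "_exclude": {"READ_ROW", "GRANT_DB_ACCESS"},
    "dba_alice": {"CREATE_TABLE", "DROP_TABLE", "READ_ROW", "UPDATE_ROW"},
}
# Constructed policy: events the site wants recorded for every user.
MUST_AUDIT = {"GRANT_DB_ACCESS", "DROP_TABLE", "UPDATE_ROW"}

if __name__ == "__main__":
    users = ["dba_alice", "bob"]  # bob has no user mask, so _default applies
    for on in (True, False):
        print("auditing on:", on, coverage_gaps(users, SAMPLE_MASKS, MUST_AUDIT, on))
```
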
