The Rule engine is one of the critical pieces in an auditing solution. It sits between the data collection and the reporting output. It is the heart of the functionality that will take the job of reviewing the reports from impossible to manageable to easy. The reason it is so important is the vast amount of SQLs that go through a database engine. A good rule engine will reduce the amount of SQLs in the report and increase their relevance.
Change control is an important part of being compliant. You will not pass an audit without having a change control process in place. One of the requirements you might face is to monitor all changes in the database and make sure they all came from the change control process.
Blue Core Research's "NO BULL" buyers guide to Database Auditing products - Part 13: Application user Identification
Submitted by tduong on Mon, 2010-11-08 22:23
There is a common misconception about the value of application user identification. The reason for the misconception is the marketing of this feature by some companies, but we'll get into all that later. First, let's examine the idea.
Most applications have a single database user that they use to access the data. To enforce security, these applications maintain an internal list of users and roles that they enforce. In other words – instead of using the database security features, that functionality is performed by the application. The result is that when you look at the database activity you see everything coming from a single user. An obvious requirement is to map the database activity to the application user as it is seen by the application.
What I love about writing SQL Tuning articles is that I very rarely end up publishing the findings I set out to achieve. With this one, I set out to demonstrate the advantages of PARALLEL DML, didn't find what I thought I would, and ended up testing 8 different techniques to find out how they differed. And guess what? I still didn't get the results I expected. Hey, at least I learned something.
As an ETL designer, I hate updates. They are just plain nasty. I spend an inordinate proportion of design time of an ETL system worrying about the relative proportion of rows inserted vs updated. I worry about how ETL tools apply updates (did you know DataStage applies updates singly, but batches inserts in arrays?), how I might cluster rows together that are subject to updates, and what I might do if I just get too many updates to handle.
It would be fair to say I obsess about them. A little bit.
Simple introduction to Oracle Database 11g Rules Manager using good old EMP table.
This article introduces Oracle Rules Manager in a series of simple examples with imaginary cases on the EMP table. This article is an overview of the possibilities of Oracle Rules Manager for a traditional Oracle architect who has never thought of a rule-based approach. It will also be informative to communities working actively with other rule engines, who never considered the Oracle Rules Manager.
Blue Core Research's "NO BULL" buyers guide to Database Auditing products - Part 14: Oracle and MS SQL Server
Submitted by tduong on Fri, 2010-10-29 00:59
Most companies have more than one database vendor. Oracle, SQL Server, DB2, MySQL and Sybase are all common depending on the company, and some use less common databases such as TeraData. There are, however, some important questions to ask before you dive into your cross platform heterogeneous requirements:
* Which databases do you actually need to audit? Is all your SOX, PCI, HIPAA or other sensitive data scattered across all these databases, or is your SQL Server just used for small home-grown apps that do not have any auditing requirements?
* Do you have the same DBA or team managing all these databases, or are they different teams that will end up managing auditing solutions independently? In the latter case you are better off choosing the best solution for each database rather than mandating a single solution no one is too happy with.
Information about Oracle licensing is not abundantly available. Most of us might not be familiar with Oracle licensing. This article provides information about Oracle Licensing Rules and Definitions. This is Part 1 – License Metric (Oracle Technology). Please look at the disclaimer and agree before reading.
You can choose between a license based on a ‘User’ or one based on server specifications, which is ‘Processor’. A user-based license is called Named User Plus. So, two common license metrics are Named User Plus and Processor. I will explain a little more about the definitions.
Database Activity Monitoring (DAM) is a new emerging and challenging market bordering both databases and security. The biggest problem in this market is the lack of tools able to provide what is so obviously needed. Blue Core Research aims to fill this gap and provide the products and technologies that can adequately audit your databases.
Compliance is about mitigating risks. Some of the risks you are likely to have in your organization are:
* DBAs – DBAs have unlimited access to the database and as a result they can see and change anything.
If you have installed OBIEE 11g successfully, let's try to explore some of the new features and tools available with BI Publisher 11g.
Unlike 10g, where a Report is a single entity and data sets are part of the Report definition, in 11g Data Sets (which are termed Data Model in 11g) and the Report definition are two separate entities.
The Data Model, which drives/extracts the XML data for the report, is the advanced version of the Data Template, so there is no Data Template in 11g; it's all Data Model, with a very nice Data Model editor to design simple to complex Data Models. It supports some new data sources, like BC4J View Objects and EXCEL, which were not supported as data sources in earlier releases.
Report definition includes the Data Model reference, Layout template and other report specific metadata required to render or generate the Report output.
For many years, we have been using RTF templates as the main Layout Template; now there is a new format available with 11g, the xpt format, which looks like Oracle’s proprietary format. As claimed, it generates almost pixel-perfect output and could be a good substitute for PDF Forms. A nice Report Designer is available to design these xpt reports.
As I mentioned earlier, the complete report consists of two main objects, Data Model and Report definition. The Data Model should exist before we start the Report definition.
Before designing the data model, make sure the required JDBC connection is set up through the BI Publisher Administration UI. To access the JDBC data source UI, click Administration in the top bar and select Manage BI Publisher Administration from the Common Administration page.
... then Goldilocks went into the bears' Data Centre and there were 3 Oracle databases. The first was a Data Warehouse. Goldilocks checked the AWR, but all the SQLs were to-o-o-o-o-o-o-o big; they all used full scans, hash joins, bitmap-index combining, partition pruning and parallelism and couldn't be tuned any more. So Goldilocks went to the second Oracle database. It was an OLTP system with hundreds of concurrent users. Goldilocks fired up SQL Tuning Advisor, but all the SQLs were to-o-o-o-o-o-o-o small; they used unique index scans and cluster-joins and couldn't be tuned any more. So Goldilocks went to the third Oracle database. It was an Operational Data Store with a rolling 3 month retention. Goldilocks found SQLs that were joining a million rows with Nested Loops joins, buffer cache hit ratios of 50%, and under-utilised disk. She smiled, opened up Tom Kyte's Expert Oracle eBook on her second monitor and got to work. This database was ju-u-u-u-u-u-u-u-st right ...