 Best way to record AUDIT - Forms or DB Trgr ? [message #141744] |
Tue, 11 October 2005 22:07  |
ORADEV1011
Messages: 3
Registered: October 2005
|
Junior Member |
|
|
Hi,
We are working on an application in which we need to record AUDIT LOG for certain columns in certain tables.
I see two ways to do this . One way is ,to add some additional code in Transactions Form to insert records into AUDIT tables also , when we are doing INSERT / UPDATE on trx tables.
Another way is by doing DB triggers on Trx tables.
Can you pl comment what is the best way of recording this log. Or are there any other better ways of doing this ??
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Best way to record AUDIT - Forms or DB Trgr ? [message #142704 is a reply to message #142702] |
Mon, 17 October 2005 06:11  |
manwadkar
Messages: 104
Registered: September 2005
Location: Washington DC
|
Senior Member |
|
|
Lets take example of application which can be ported on Oracle, Informix and sqlserver.
If I keep all my code at client side and send all audit details (created_by, updated_by, creation_date, last_update_date details) to server side then my code (means client application) becomes generic. That's why I said that it is always recommended to keep audit code at client side. Otherwise you need to write triggers at database level. Oracle, Informix or other database may have different structure and features for triggers.
When client application talks with database server, usually it is recommended to use standard user to communicate with database (like APPS/APPLSYSPUB in E-Business Suite). In this case database audit may not help us because we do not have database user account for each separate connection. We are sharing the one user to commit data.
In above scnerio, if DBA/Application developer wants to do direct write on database ( like at sql prompt or using toad) then there should be separate account needed (like APSUPPORT for AP schema, POSUPPORT for PO schema, OESUPPORT for OE schema). Here database triggers will help you to audit the transactions. You can write database trigger in such a way that if call is other than client application database (suppose APPS) user then make created_by=CURRENT DATABASE USER.
I hope you got what I wanted to say. If you still have doubts then please send me an email to vmanwadkar@hotmail.com.
|
|
|
|
| Re: Best way to record AUDIT - Forms or DB Trgr ? [message #142712 is a reply to message #142704] |
Mon, 17 October 2005 06:45 |
 |
Maaher
Messages: 7065
Registered: December 2001
|
Senior Member |
|
|
| manwadkar wrote on Mon, 17 October 2005 13:11 |
Lets take example of application which can be ported on Oracle, Informix and sqlserver.
|
We are talking Oracle Forms here. You will always have to rewrite the database side if you want to port.
| manwadkar wrote on Mon, 17 October 2005 13:11 |
When client application talks with database server, usually it is recommended to use standard user to communicate with database (like APPS/APPLSYSPUB in E-Business Suite).
|
Not on my watch! It makes the entire security part unnecessary complex.
| manwadkar wrote on Mon, 17 October 2005 13:11 |
In this case database audit may not help us because we do not have database user account for each separate connection.
|
Exactly, and is this a good thing? I don't think so. Now you are forced to write your own mechanism while Oracle has built-in AUDIT capacities. You do know that Oracle is perfectly able to cope with more than one user? I hate these kind of heavy forms applications. Do as much as you can on the database and keep your Forms as light as possible, that's my advise. You cannot convince me.
MHE
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
0 / 0%