Scribd
Upload
17 views6 pages

Implementing Demantra Audit Log

The document outlines the implementation of an audit log for Demantra metadata configuration changes using database triggers, which is essential for tracking changes for compliance purposes. It details the creation of triggers for logging session information and changes to various objects, such as series and levels, into a standalone AUDIT_LOG table. The document includes SQL code for triggers and the structure of the AUDIT_LOG table to capture detailed user activity and changes.

Uploaded by

dsreddyin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views6 pages

Implementing Demantra Audit Log

The document outlines the implementation of an audit log for Demantra metadata configuration changes using database triggers, which is essential for tracking changes for compliance purposes. It details the creation of triggers for logging session information and changes to various objects, such as series and levels, into a standalone AUDIT_LOG table. The document includes SQL code for triggers and the structure of the AUDIT_LOG table to capture detailed user activity and changes.

Uploaded by

dsreddyin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Implementing a Demantra Audit log

Configuring an Audit Log in Demantra using database triggers

Audit logging of Demantra metadata configuration changes can be extremely useful for tracking data
model changes by date and user, particularly in the areas of Sarbanes-Oxley (SOX) compliance. This
audit logging of Demantra metadata configuration changes can be achieved via database triggers.

The approach outlined in this document would support logging configuration changes made using
Business Modeler as well as any type of backend change made to the data model outside of standard
tools.

Logging can include session information, user’s information and object configuration changes to Series,
Levels, Integration Interfaces, etc. The Audit can track the user who has made the changes as well as
logging old and new values.

This process should not modify any internal Demantra tables; information should be logged to a
standalone table which will be described below.

Demantra SESSIONS Table Trigger

Business Modeler stores Demantra session information in table SESSIONS. This will include the login /
logout activity time and Demantra USER_ID.

In order to have a more detailed log we can capture Oracle session variables and save them to the
SESSIONS table. Common session variables that can be added to any trigger or SQL are: SID, HOST,
MODULE, OS_USER:

SELECT sys_context('USERENV', 'HOST') FROM dual;


SELECT sys_context('USERENV', 'MODULE') FROM dual;
SELECT sys_context('USERENV', 'OS_USER') FROM dual;
SELECT sys_context('USERENV', 'SID') FROM dual;

The following trigger will capture and store the above information in Demantra SESSIONS table.

Audit Sessions Trigger:

CREATE OR REPLACE
TRIGGER audit_sessions
BEFORE INSERT OR UPDATE ON sessions
FOR EACH ROW
WHEN ( new.session_id > 0)
DECLARE
PRAGMA AUTONOMOUS_TRANSACTION;
user_id number;
BEGIN

/* capture Oracle session information in Demantra SESSIONS table */


:new.sid_num := sys_context('USERENV', 'SID');
:new.message := 'OS User: ' || sys_context('USERENV', 'OS_USER') ||
', Host: ' || sys_context('USERENV', 'HOST') || ', Module: ' || sys_context('USERENV', 'MODULE');

/* log action to audit log */


IF ( :new.active <> :old.active ) THEN
IF ( :new.active = 1 ) THEN
INSERT INTO AUDIT_LOG ( log_date, session_id, os_user, host_name, module, user_id, object_type,
object_name, old_value, new_value, message )
VALUES (sysdate, sys_context('USERENV', 'SID'), sys_context('USERENV', 'OS_USER'), sys_context('USERENV',
'HOST'), sys_context('USERENV', 'MODULE'), :old.USER_ID,
'Session', 'Login', :old.active, :new.active, 'User login.');
END IF;
IF ( :new.active = 0 ) THEN
INSERT INTO AUDIT_LOG ( log_date, session_id, os_user, host_name, module, user_id, object_type,
object_name, old_value, new_value, message )
VALUES (sysdate, sys_context('USERENV', 'SID'), sys_context('USERENV', 'OS_USER'), sys_context('USERENV',
'HOST'), sys_context('USERENV', 'MODULE'), :old.USER_ID,
'Session', 'Login', :old.active, :new.active, 'User logout.');
END IF;

COMMIT;
END IF;

END;
/

SESSIONS Table with trigger active:


Detailed standalone AUDIT_LOG Table

A generic stand alone table can be used to log all audit information using the AUDIT_SESSIONS
trigger above and any additional triggers for other objects. Below is a generic table structure
that can capture detailed information on user activity.

This table is not part of a standard Demantra schema; this is implemented separately
depending on requirements.

Base on the above logic we can capture the following information:


log_date Date Date of action
session_id Number Oracle session id
os_user varchar2(200) Client OS User
host_name varchar2(200) Client Hostname
module varchar2(200) Application Module
user_id Number Demantra USER_ID
object_type varchar2(2000) Object Type: Login, Series, Level, etc..
object_name varchar2(2000) Object Name
old_value varchar2(2000) Old value
new_value varchar2(2000) New vale
message varchar2(2000) Message

TABLE Structure SQL:


create table audit_log(
log_date date, session_id number, os_user varchar2(200), host_name varchar2(200), module varchar2(200),
user_id number,
object_type varchar2(200), object_name varchar2(200), old_value varchar2(2000), new_value varchar2(2000),
message varchar2(2000));
Auditing Other Objects

Series, Levels and other object changes can be audited using information stored in Demantra
tables, Oracle session environment “SYS_CONTEXT” and the Demantra SESSIONS table. This can
be accomplished by cross checking the SYS_CONTEXT SID column with Demantra SESSIONS
SID_NUM column.

For example: Create trigger on COMPUTED_FIELDS table (for Series definitions) and log activity
to AUDIT_LOG table and capture history of modifications.

Series Audit – Trigger on COMPUTED_FIELDS table

The following trigger on the COMPUTED_FIELDS table will capture changes to series titles and
series client expressions and log the changes to AUDIT_LOG table.

Audit Series Trigger

create or replace
TRIGGER audit_series
BEFORE INSERT OR UPDATE ON computed_fields
FOR EACH ROW
DECLARE
PRAGMA AUTONOMOUS_TRANSACTION;
u_id number := -1;
BEGIN

/* get demantra user_id */


begin
select user_id into u_id
from sessions
where sid_num = sys_context('USERENV', 'SID');
exception
WHEN OTHERS THEN
null;
end;

/**
* Audit series changes in Internal Name, Series Title or Client Expression changes
**/

/* log new series */


if ( :old.computed_name <> :new.computed_name ) then
insert into AUDIT_LOG ( log_date, session_id, os_user, host_name, module, user_id,
object_type, object_name, old_value, new_value, message )
values (sysdate, sys_context('USERENV', 'SID'), sys_context('USERENV', 'OS_USER'),
sys_context('USERENV', 'HOST'), sys_context('USERENV', 'MODULE'), u_id,
'Series', 'Title', :old.computed_title, :new.computed_title, 'New series.');
commit;
end if;

/* log title change */


if ( :old.computed_title <> :new.computed_title ) then
insert into AUDIT_LOG ( log_date, session_id, os_user, host_name, module, user_id,
object_type, object_name, old_value, new_value, message )
values (sysdate, sys_context('USERENV', 'SID'), sys_context('USERENV', 'OS_USER'),
sys_context('USERENV', 'HOST'), sys_context('USERENV', 'MODULE'), u_id,
'Series', 'Title', :old.computed_title, :new.computed_title, 'Series modifed.');
end if;

/* log expression change */


if ( :old.client_exp_disp <> :new.client_exp_disp ) then
insert into AUDIT_LOG ( log_date, session_id, os_user, host_name, module, user_id,
object_type, object_name, old_value, new_value, message )
values (sysdate, sys_context('USERENV', 'SID'), sys_context('USERENV', 'OS_USER'),
sys_context('USERENV', 'HOST'), sys_context('USERENV', 'MODULE'), u_id,
'Series', 'Client Expression', :old.client_exp_disp, :new.client_exp_disp, 'Series modifed.');
end if;

commit;

END;
/
AUDIT_LOG Table with log information:

You might also like