Configuring Database Options and Audit Permissions
For each of the databases you have updated and enabled for auditing, you need to configure the new database options and set up audit permissions.
Note: To avoid the need to restart AppServers and the WebSpeed broker, you should log in to the database in single-user mode to perform any audit administration activities, such as defining database options. Otherwise, since the options are cached by the client for the current session, any changes you make will not take effect without restarting the system.
You set up the new database options in Progress using the Data Administration menu’s Admin|Database Options settings.
Database Options Settings
Select the following options:
• Trust Application Domain Registry
• Record Authenticated Client Sessions
To access audit-related menus, the user must be granted with specific audit permissions or roles. The roles are as follows:
• Audit Administrator — an authenticated user who has been granted privileges to create, update, and delete audit policies and read audit data.
• Audit Data Archiver — an authenticated user who has been granted privileges only to archive or load audit data. An audit data archiver has no access to the audit policy.
• Audit Data Reporter — an authenticated user who has been granted privileges to read the audit data.
Note: The Audit Administrator is not an Audit Data Archiver or Audit Data Reporter. The Audit Administrator role does not include the other roles.
Roles Required for Audit Menu Access
Program | Menu | Role Required |
Enhanced Controls Menu | 36.12 | N/A |
Audit Trail Report –App DB | 36.12.1 | Audit Data Reporter |
Audit Trail Report–Arc DB | 36.12.2 | Audit Data Reporter |
Audit Trail Setup Menu | 36.12.13 | N/A |
Audit Policy Import | 36.12.13.1 | Audit Administrator |
Audit Policy Export | 36.12.13.2 | Audit Administrator |
Audit Configuration Maintenance | 36.12.13.5 | Audit Administrator |
Audit Configuration Report | 36.12.13.6 | Audit Administrator |
Audit DB Maintenance | 36.12.13.11 | None |
Audit DB Report | 36.12.13.12 | None |
To grant audit permissions, you can use the Progress Data Administration menu’s Admin|Security|Edit Audit Permissions menu.
Edit Audit Permissions Menu
From this menu, you can reassign responsibility for the audit administration from the DBA to a separate audit administrator, and you can specify who can read and archive the audit data. For example, you might grant a particular user the Audit Administrator, Audit Data Archiver, and Audit Data Reporter permissions. (For further information, refer to the Progress documentation.)
