Report: History of Privilege Changes
This report tracks privileged changes to database user access rights (that is, granting of privileged or escalated access rights). The report identifies the database account that was changed, the type of privilege that was granted, the date of the change, and the account that initiated the change. The report should be reviewed by both IT and Business Management on a quarterly basis.
COBIT objectives
This report is designed to meet the following COBIT objectives:
Objective Number | Description |
---|---|
AI2.4, DS3.5, DS5.3, DS5.4 | Changes to escalate database user access privileges are tracked for review on a quarterly basis by the IT manager and the application business manager |
Setup requirements
Sox History of Privilege Changes policy: Just enable the policy. No settings of Object Audit or User Audit Options required.
Report columns
The following columns are displayed in the report body.
Columns | Description |
---|---|
User ID | The ID of the database user that conducted the flagged activity |
Grantee | The name of the user for whom privileges were changed |
Action | The type of action successfully enacted by a non-application user account. Actions include UPDATE, INSERT, and GRANT |
Target | The object on which the privileges were changed |
Privilege Details | The type of object privilege granted to, or revoked from, the grantee. |
Timestamp | The exact time the flagged activity was conducted. |