Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 8 Auditing Accesses : Auditing the Use of TIBCO Object Service Broker

Auditing the Use of TIBCO Object Service Broker
As a system administrator, you may be required to audit the use of the TIBCO Object Service Broker system. Each user's access to TIBCO Object Service Broker and its objects is recorded in an audit log for auditing purposes. Data in this audit log cannot be modified.
Using the Audit Log facility, you can query and report on your users’ accesses to TIBCO Object Service Broker objects based on data stored in the audit log. Using purge tools, you can also archive the data stored in the log to files outside of TIBCO Object Service Broker.
What Determines the Level of Logging?
The SECAUDITLOG Execution Environment parameter determines the level of logging that is to take place. Security audit logging can be set to DISABLED, where nothing is recorded except for an initial entry indicating that SECAUDITLOG=DISABLED, or to NORMAL or STRICT, in which case more detailed security logging occurs. The default is NORMAL.
What is Logged in the Audit Log?
If the SECAUDITLOG parameter is set to NORMAL or STRICT, the audit log logs the following items:
If the SECAUDITLOG parameter is set to STRICT, all update accesses to non-dictionary (MetaStor) tables made by level‑7 users are logged.
For more information about selectively logging user accesses, refer to Task D: Logging Accesses to a Table.
Who Can Access the Data in the Audit Log?
All level‑7 users have read access to the audit log. Users at all other levels must first be enabled to use the object set @AUDITLOG if they require access to the audit log data. Modifications to the audit log data are not allowed by any level of user. Refer to Chapter 7, Managing Object Set Security, for information about enabling access to an object set.
Purging the Data Stored in the Audit Log
The data that is stored in the audit log should be purged on a regular basis. An archiving facility exists to assist you in this task; refer to Chapter 9, Archiving the Audit Log Data, for information. The archiving mechanism and access to the external files that it uses are governed by external security.
Special Considerations for Strict Audit Logging
If the SECAUDITLOG Execution Environment parameter is set to NORMAL or STRICT, the following must be taken into consideration in your application development environment:
Consider modifying the COMMIT points in applications. In a strict logging environment the number of COMMITS required for a level‑7 user who updates a table is significantly higher than for a level‑1 user.
See Also
TIBCO Object Service Broker Parameters for information about the SECAUDITLOG Execution Environment parameter.
TIBCO Object Service Broker for z/OS Utilities or TIBCO Object Service Broker for Open Systems Utilities for information about using the S6BBRIAL/hrnbrial (Move ACCESSLOG) utility to set up a segment for the audit log data.
TIBCO Object Service Broker Programming in Rules about committing changes.
