VMS Help  —  RMU72  Set  Audit  Usage Notes
    o  To use the RMU Set Audit command for a database, you must
       have the RMU$SECURITY privilege in the root file ACL for the
       database or the OpenVMS SECURITY or BYPASS privilege.

    o  Audit journal records collected on a database can be stored
       only in the database from which they were collected. The
       database name specified with the RMU Load command with the
       Audit qualifier identifies to Oracle Rdb both the audit
       records to be loaded and the database into which they are
       to be loaded.

    o  There is very little overhead associated with security
       auditing; no extra disk I/O is involved. Therefore, you need
       not be concerned about the impact to database performance
       should you decide to enable security auditing.

    o  You can use the Daccess=object-type option to enable DACCESS
       checking for specific objects, but the general DACCESS class
       is not enabled until you explicitly enable it by using the
       Enable=Daccess qualifier with the RMU Set Audit command.
       Also, you need to use the Start qualifier with the RMU Set
       Audit command to start the auditing and alarms that have been
       enabled.

    o  Alarms are useful for real-time tracking of auditing
       information. At the moment an alarm occurs, text messages
       regarding the alarm are displayed on security-enabled
       terminals.

       To enable a terminal to receive Oracle Rdb security alarms,
       enter the DCL REPLY/ENABLE=SECURITY command. You must have
       both the OpenVMS SECURITY and OpenVMS OPER privileges to use
       the REPLY/ENABLE=SECURITY command.

    o  Audit records are useful for periodic reviews of security
       events. Audit records are stored in a security audit journal
       file, and can be reviewed after they have been loaded into
       a database table with the RMU Load command with the Audit
       qualifier. Use the DCL SHOW AUDIT/JOURNAL command to determine
       the security audit journal file being used by your database.

    o  The AUDIT class is always enabled for both alarms and audit
       records, but does produce any alarms or audit records until
       auditing is started. The AUDIT class cannot be disabled.

    o  When you specify the Daccess=object-type option and
       one or more other options in an options list, the
       Privileges=(privilege-list) qualifier must begin after the
       closing parenthesis for the options list.

    o  To display the results of an RMU Set Audit command, enter the
       RMU Show Audit command.

    o  You can use the Disable and Enable qualifiers with indirect
       file references. See the Indirect-Command-Files help entry for
       more information.

    o  When the RMU Set Audit command is issued for a closed
       database, the command executes without other users being able
       to attach to the database.
Close Help