Security Alarm Example
A typical scenario is to audit all accesses to databases and security-relevant events (such as the creation and deletion of users and the granting of special privileges). The Vector security administrator, however, may decide that although access to certain tables should be monitored, imposing a general auditing control on all tables is not desired.
In this example assume that:
• Table “addresses” contains a list of addresses is to be audited. Updates or changes to existing information are to be recorded in the audit log.
• Table “all_summary”, a large database table, is used infrequently. Accesses are to be audited to determine whether it should be archived and deleted.
The following statements could be issued to audit security-related events:
ENABLE SECURITY_AUDIT SECURITY;
ENABLE SECURITY_AUDIT USER;
CREATE SECURITY_ALARM ON TABLE addresses
WHEN INSERT, UPDATE, DELETE;
CREATE SECURITY_ALARM ON TABLE all_summary;