Enabling future accountability for current actions, Deterring users (or others, such as intruders) from inappropriate actions based on their accountability, Investigating, monitoring, and recording suspicious activity, Addressing auditing requirements for compliance – SQL performance monitoring.
In the context of a database, auditing is initiated by picking a sample of user databases which then undergo SQL performance monitoring and recording. Most professionals do this in 2 main ways – one way is by monitoring the database actions of specific users individually. This would entail the recording of the SQL statements executed by the users.
The second way is to monitor multiple factors that may include username, time, the type of application etc. Alternatively, security policies may set off auditing when a user tries to gain access to or modify certain elements in the database.
The contents triggering the response may even exist within an object. This would be possible as the security policies would automatically invoke the auditing of the database in such scenarios. Here, we will describe various auditing techniques, their uses, and how they affect audit trails.
We have listed the most important uses of database auditing below:
- The most imminent implementation of auditing creates a scope to be able to regard for actions being taken now or at a later time.
- Auditing takes into account future accountability of current actions on specific content or sections of the database. This is helpful from the perspective of optimization in SQL as well.
- It prohibits any unauthorized or unnecessary users from making any objectionable actions based on this. For instance, if a user is unexpectedly removing information from the databases, the security admin may choose to investigate each connection to the database along with all the data that went through manipulation.
- It also enables the probing of any unplanned or unintended activity that may appear suspicious.
- Inform the auditor of the presence of an intruder or unauthorized actions being taken by a user with the authorizations and privileges. This results in the auditor reassessing user privileges to control questionable data manipulation or deletion.
- Collecting information for SQL performance monitoring regarding certain database-related tasks. A good example of this would be a DBA collecting statistics such as the following –
- Each table that receives updates
- The number of logical input/output operations
- The peak hours where there are several concurrent users, and
- The number of concurrent users at such times.
- SQL performance monitoring
- Data auditing can also help identify issues related to the execution of access and authorization control. For instance, the database administrator may choose to create an audit policy that they know won’t lead to the creation of an audit record. That’s because the data in that audit policy’s record has protection from other methods. However, in case those methods do not work the way they should, these policies will create audit records as proof, thereby assisting with optimization in SQL.
Let’s take a closer look at the various types of auditing and what all they include:
- Privilege Auditing: Privilege auditing is more targeted as compared to statement auditing, While the latter only considers a specific kind of task, this form of auditing provides the user with the ability to audit important and powerful privileges and the actions they lead to. These include queries such as audit create table. The security administrator can set privilege auditing to cover the users they want or to audit each user in the database.
- Statement Auditing: This type of auditing allows the authorized user to audit SQL queries according to statement type rather than the particular scheme objects the query executes on. Generally, statement auditing covers a range of related tasks that are available for each option. This may include, for instance, an audit table that tracks many Data Definition Language (DDL) queries no matter which table they apply to. Similar to privilege auditing, the user may configure the statement auditing option to work for specific users or all the users in the database.
- Schema Object Auditing: Under schema object auditing, the user is allowed to audit the queries they need to within a schema object in particular. For instance, for some reason, you may have to investigate all the employee records in the organizational database. In that case, you may execute Audit Select on employees. This type of auditing is extremely concentrated and it is capable of checking on just a single category of queries in particular (such as select statements) on the schema object that requires the audit. Unlike statement and privilege auditing, schema object auditing is implemented upon every user of the database at all times.
- Fine-Grained Auditing: Fine-grained auditing allows the auditor to conduct an investigation at the lowest levels. They can analyse access and tasks undertaken at the most granular level on the basis of content. This is possible with the help of any Boolean measure. As an auditor, you can initiate the process according to the access users have or the changes they make to a column.
Audit Record Creation
Each type of auditing has a different way of creating records. Standard auditing, for instance, will only generate audit records if it is enabled by the security administrator for the whole database. SQL performance monitoring – On the other hand, its settings won’t have an impact on those of fine-grained auditing since the latter applies audit policies according to each object.
