Tracking configuration changes in SAP ASE 16

Introduction

A principal component of a protected system is accountability. One way to ensure accountability is to examine events on the system. Many events that occur in SAP ASE can be recorded, such as – but not limited to – DMLs and DDLs. Auditing is an important part of security in any RDBMS. By probing the audit trail, a Sytem Security Officer – SSO- can monitor the activity of specific users.

Each audit record can capture the nature of the event, the date/time, the login responsible for it, and the success or failure of the event. The audit trail, or log of audit records, allows the SSO to reconstruct events that occurred on the system and evaluate their impact on ASE.

One major enhancement introduced in SAP ASE 16, is the possibility to track configuration changes. For several years, DBAs were relying on their own scripts built around “sysconfigures” and “syscurconfigs” system tables to gather such info.

Tracking configuration changes

A new feature is introduced in SAP ASE 16 that allows a DBA to track the configuration changes done on SAP ASE. This is a new enhancement done on the “sybsecurity” database. Using the SAP ASE security database, one can easily track modifications done on configuration parameters. Installing “sybsecurity” database is mandatory to be able to implement this new functionality. Refer to the following link for installing “sybsecurity” database: Install the Audit System

Auditing configuration changes

Once the audit system is installed and configured, you only need to apply the below set of commands:

Simulation – Tracking configuration changes

Once done, simulate some changes as below:

 

Check the changes using: sp_confighistory

Happy auditing!

Leave a Reply