Real Time Information Director User Documentation

RTID Security and Auditing
Hewlett-Packard Company 9 529618 - 002
Auditing: Who Did What and When
Like security, auditing is implemented primarily for the consumer’s benefit. Its primary
use is to protect the privacy rights of the consumer and to protect against malpractice.
Director Role in Auditing Implementation
A real-time solution might have auditing requirements of several kinds:
To quantify resource use, as a basis for billing and/or capacity planning
To monitor employee or customer activity
To ensure regulatory compliance, e.g., compliance with privacy laws
Of these requirements, the Director concerns itself primarily with the third, but the
design is also applicable to the first or second.
Note: The auditing of transactions to support restoring the data store to a prior state is
not within the purview of the Director but is a primary function of the HP NonStop TMF
subsystem. For detailed information on this topic, see the TMF manual set.
Overview of Auditing
The designer of a real-time solution controls which document types are subject to
auditing. The metadata for a document type specifies whether to create audit records
when a document of that type enters the system (e.g., as a database update), when a
document of that type exits the system (e.g., as the response to a query), or in both cases.
The metadata also indicates whether the audit must include the request (inserted data or
query), the reply (acknowledgement of an update or the response to a query), or both.
Audit records are maintained in database tables that are, themselves, subject to queries
from clients, as illustrated later in this document.
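The following is an added example, not code from the RTID product or its documentation. It models the per-document-type audit settings described above and the header fields listed under Audit Headers and Details. All class, field, and document type names are hypothetical, and rejecting a document type that has no metadata is a design choice of the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class AuditPolicy:
    """Audit settings for one document type (hypothetical field names)."""
    on_entry: bool = False         # audit when a document of this type enters
    on_exit: bool = False          # audit when a document of this type exits
    include_request: bool = False  # keep the inserted data or the query
    include_reply: bool = False    # keep the acknowledgement or the response

# Constructed sample metadata; the document type names are invented.
POLICIES = {
    "AccountUpdate": AuditPolicy(on_entry=True, include_request=True),
    "AccountQuery": AuditPolicy(on_exit=True, include_request=True, include_reply=True),
    "CatalogLookup": AuditPolicy(),  # not audited in either direction
}

def build_audit_record(doc_type, direction, consumer_id, agent_id,
                       request=None, reply=None, when=None):
    """Return the audit record for one event, or None if the policy skips it."""
    if direction not in ("entry", "exit"):
        raise ValueError(f"unknown direction: {direction!r}")
    policy = POLICIES.get(doc_type)
    if policy is None:
        # Missing metadata is treated as an error, never as "do not audit".
        raise LookupError(f"no audit metadata for document type {doc_type!r}")
    audited = policy.on_entry if direction == "entry" else policy.on_exit
    if not audited:
        return None
    when = when or datetime.now(timezone.utc)
    record = {
        "header": {  # the three header fields the page lists
            "consumer_id": consumer_id,
            "agent_id": agent_id,
            "timestamp": when.isoformat(),
        },
        "doc_type": doc_type,
        "direction": direction,
    }
    if policy.include_request:
        record["request"] = request
    if policy.include_reply:
        record["reply"] = reply
    return record
```
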
Audit Headers and Details
The audit of a transaction invariably includes an audit header consisting of:
The internal ID of the consumer
The internal ID of the agent
The date and time when the event occurred