Reports : PCI, SOX, and HIPAA reports : Report: History of Privilege Changes
 
Report: History of Privilege Changes
This report tracks privileged changes to database user access rights (i.e. granting of privileged or escalated access rights). The report identifies the database account that was changed, the type of privilege that was granted, the date of the change, and the account that initiated the change. The report should be reviewed by both IT and Business Management on a quarterly basis.
COBIT objectives
This report is designed to meet the following COBIT objectives:
Objective Number
Description
AI2.4, DS3.5, DS5.3, DS5.4
Changes to escalate database user access privileges are tracked for review on a quarterly basis by the IT manager and the application business manager
Setup requirements
Sox History of Privilege Changes policy: Just enable the policy. No settings of Object Audit or User Audit Options required.
Report columns
The following columns are displayed in the report body.
Columns
Description
User ID
The ID of the database user that conducted the flagged activity
Grantee
The name of the user for whom privileges were changed
Action
The type of action successfully enacted by a non-application user account. Actions include UPDATE, INSERT, and GRANT
Target
The object on which the privileges were changed
Privilege Details
The type of object privilege granted to, or revoked from, the grantee.
Timestamp
The exact time the flagged activity was conducted.
See also
General steps for generating PCI, SOX, and HIPAA reports