E-SEC: Database Level Auditing On PSAUTHITEM Unreadable (Doc ID 1666440.1)

Last updated on DECEMBER 28, 2016

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.50 and later
Information in this document applies to any platform.

Symptoms

Database level auditing is the only option to track menu item changes
consistently, however the way PSAUTHITEM is updated prevents meaningful
reports on the audit data.

If access is granted to a new component or access is completely removed from
a new component, simple inserts (A) or deletes (D) are noted in the audit
table.  This is normal.

However, if changes are made to the pages Authorized in a component the
permission list already has some access to, every page in every component in
every menu in that permission list is first deleted and then re-inserted.  It
is possible to distinguish the new or removed pages by the absence of the
other half of the pair (delete or insert, respectively).

Determining these 'pairs' in the audit table is prohibitive, given that the
timestamps that distinguish adjacent rows may be off by 1 or more
milliseconds, even within the same save.

Pairs of A D rows can also not be dismissed out of hand, as a change to
permissions (Display Only, Actions) will also result in A and D audit rows.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms