Deploying K2B Audit applications

This article describes all additional considerations that must be taken into account when deploying a K2B Audit application (i.e. an application that uses K2B Audit).

Security considerations

K2B Audit generates objects that should be kept away from public access. We call them "audit management objects". Audit management objects manage database triggers and may be used to understand your Data base structure, disable or enable triggers, etc. It is recommended to deploy them to a separate, non public, Web application.

Please take a look at the Deployment considerations for detailed information.

Deployment considerations

A K2B Audit application has three basic components:

  • The application itself
  • The audit analysis objects
  • The audit management objects

There are no special considerations for deploying the application itself but to be sure it does not accidentally contain audit analysis or management objects that you do not want in it.

Audit analysis objects are used to process and query audit data. They do not change audit data but may be used to understand your application data base. They should be deployed to different web application. One having more restrictive access than the application itself. The list of main audit analysis objects follows:

  • K2BAuditAnalyzer.UI.Home
  • K2BAuditAnalyzer.UI.ConvertAuditLog
  • K2BAuditAnalyzer.AnalyzeByApplicationDataMain
  • K2BAuditAnalyzer.SerialAuditConversionMain
  • K2BAuditAnalyzer.PurgeEarlierThanGivenDate
  • K2BAuditAnalyzer.UI.PurgeEarlierThanGivenDate
  • K2BAuditAnalyzer.PurgeLastYearAuditQuery

Audit management objects are critical in terms of security. Having access to them may be used to understand your application data base and to start/stop auditing. They are usually not public. The list of main audit management objects follows:

  • All files in K2B Audit SQL scripts directory
  • K2BAudit.CreateAuditTriggersWeb
  • K2BAudit.CreateAuditTriggersMain
  • K2BAudit.CreateAllTriggersMain
  • K2BAudit.DropAllTriggersMain
  • K2BAudit.CreateAuditMetadataMain
  • K2BAudit.WorkWithAuditTriggersMain

Setting up a deployed application

A K2B Audit application needs to populate K2B Audit tables with application metadata (data about the application been audited) and to define database triggers to work properly.

To populate K2B Audit tables, run K2BAudit.CreateAuditMetadataMain at the command line. Be sure the K2B Audit SQL scripts directory is accessible to this program.

There are two options to create database triggers.

The first one is to run K2BAudit.CreateAllTriggersMain at the command line. This is the easiest way but needs to be executed using a database user with sufficient privileges to perform the task. if access to such user is not available, use the second option.

The second option is to run the K2BAuditInitializationCommands.sql script using an appropriate SQL Query editor (usually part of the DBMS tool set). This is usually done by the Database Administrator.