roger.plowman (6/24/2011)
Auditing data access I would think is near impossible to scale.For example, the ideal situation would log every record's access by every individual who accesses it, presumably with a datetime stamp at the very least. Probably you'd also want the individual's location as well.
Clearly to keep this level of auditing data for any length of time would require storage many orders of magnitude larger than the database itself--especially if the number of users and/or the number of accesses was large, and you wanted to keep the data for a useful period of time, say 6 months.
Likewise, even keeping delete log data for certain tables that routinely see large numbers of deletions is problematic too.
That's why ACL-style security was invented in the first place. It eliminates much of the need for access logging. Couple that with access restrictions (perhaps a time window or even physical location) and you again reduce the need to know who accessed the data.
Even if you limit the access log to who accessed a stored procedure (which makes the problem managable) does that really buy you enough forensic info to make the game worth the candle?
My thoughts exactly Roger! Concentrate on security first, and then your need to audit diminishes. Now that said, the need to audit data periodically based on specific need or particular circumstance never totally goes away, but it does diminish considerably if you address granular security properly first. 😀
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"