http://www.securityfocus.com/infocus/1689
On 1/22/07, patrick zandi <[EMAIL PROTECTED]> wrote:
Joe, But that does not prevent someone connecting through the ODBC connectors outside ARS and pull the data. I could use the DB to Gain access to ARS data, and you not know it... This is the Hippa issue. Auditing on the DB is a must. (you might need an Admin position added - just to keep up with it, but it is the Secure approach) On 1/22/07, Joe DeSouza <[EMAIL PROTECTED]> wrote: > > ** If crystal is the only external app using the AR System ODBC driver, > maybe you could try to log an attempt to perform a search, when the > CLIENT-TYPE is the AR ODBC driver.. I think the value for that is 6... I > haven't tried it but it must might be possible to write a piece of > workflow when the AR ODBC driver performs a search on the AR System > database... > > Give that a shot... > > Joe D'Souza > Remedy Developer / Consultant, > BearingPoint, > Virginia. > > > ----- Original Message ---- > From: patrick zandi < [EMAIL PROTECTED]> > To: [email protected] > Sent: Monday, January 22, 2007 2:47:44 PM > Subject: Re: Logging if someone accessed form data from Crystal Reports > > ** Ron, > I would say this is outside the Realm of ARS, as the DB connection is > the issue.. > Now maybe BMC will add this feature in the future for tracking all data > accessed with from DB level or ARS, but I do know know of anything like this > yet. > > I would recommend checking your DB.. Oracle has Auditing Functionality, > Also there are records for Listener connections, yet that does not tell you > what tables.. so this is an Auditing withing the DB... > Now once that is (DB Auditing) is running .. I am sure Remedy will > access the Table records as its own.. for checking purposes just fine... > > Crystal is using ARODBC or ODBC -- or a Data Base Connection.. > > Help this get's you on the Correct Track.. > > Have a Great day. > > > On 1/22/07, Smith, Ron <[EMAIL PROTECTED] > wrote: > > > > ** We have the need to place electronic patient health information > > into our Helpdesk application into permissioned off fields. In this day and > > age, Data Security in the Healthcare field is at DEFCON 5, I know from > > personal experience at Providence. We are about to implement workflow to > > log when a User accesses the Permissioned data on a form, i.e.. could > > have looked at a diary and attachment field. We know what to do inside the > > ARS environment to log this, but the question came up about a User going > > through Crystal Reports. Is there are way to identify a User could have > > viewed the Permissioned data through Crystal and then fire workflow that we > > could then update a Audit form like we do with workflow. Or is this data > > available else where that we could at least view and store for future > > auditing purposes. > > > > Thanks, > > > > *Ron Smith* > > *Web/Remedy System Developer* > > *Providence Health System* > > [EMAIL PROTECTED] * > > *503-216-7866*** > > > > > > DISCLAIMER: > > This message is intended for the sole use of the addressee, and may > > contain information that is privileged, confidential and exempt from > > disclosure under applicable law. If you are not the addressee you are hereby > > notified that you may not use, copy, disclose, or distribute to anyone the > > message or any information contained in the message. If you have received > > this message in error, please immediately advise the sender by reply email > > and delete this message. > > __20060125_______________________This posting was submitted with HTML > > in it___ > > > > > -- > Patrick Zandi __20060125_______________________This posting was > submitted with HTML in it___ > > > > ------------------------------ > 8:00? 8:25? 8:40? Find a flick in no time > with theYahoo! Search movie showtime shortcut. > __20060125_______________________This posting was submitted with HTML in > it___ > -- Patrick Zandi
-- Patrick Zandi _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
