I like that 'Thou shalt not lie - unless you are a enterprise software salesman' header on that web page :-)
Nice article though.. Joe ----- Original Message ---- From: patrick zandi <[EMAIL PROTECTED]> To: [email protected] Sent: Monday, January 22, 2007 3:10:50 PM Subject: Re: Logging if someone accessed form data from Crystal Reports ** http://www.securityfocus.com/infocus/1689 On 1/22/07, patrick zandi <[EMAIL PROTECTED]> wrote: Joe, But that does not prevent someone connecting through the ODBC connectors outside ARS and pull the data. I could use the DB to Gain access to ARS data, and you not know it... This is the Hippa issue. Auditing on the DB is a must. (you might need an Admin position added - just to keep up with it, but it is the Secure approach) On 1/22/07, Joe DeSouza <[EMAIL PROTECTED] > wrote: ** If crystal is the only external app using the AR System ODBC driver, maybe you could try to log an attempt to perform a search, when the CLIENT-TYPE is the AR ODBC driver.. I think the value for that is 6... I haven't tried it but it must might be possible to write a piece of workflow when the AR ODBC driver performs a search on the AR System database... Give that a shot... Joe D'Souza Remedy Developer / Consultant, BearingPoint, Virginia. ----- Original Message ---- From: patrick zandi < [EMAIL PROTECTED]> To: [email protected] Sent: Monday, January 22, 2007 2:47:44 PM Subject: Re: Logging if someone accessed form data from Crystal Reports ** Ron, I would say this is outside the Realm of ARS, as the DB connection is the issue.. Now maybe BMC will add this feature in the future for tracking all data accessed with from DB level or ARS, but I do know know of anything like this yet. I would recommend checking your DB.. Oracle has Auditing Functionality, Also there are records for Listener connections, yet that does not tell you what tables.. so this is an Auditing withing the DB... Now once that is (DB Auditing) is running .. I am sure Remedy will access the Table records as its own.. for checking purposes just fine... Crystal is using ARODBC or ODBC -- or a Data Base Connection.. Help this get's you on the Correct Track.. Have a Great day. On 1/22/07, Smith, Ron <[EMAIL PROTECTED] > wrote: ** We have the need to place electronic patient health information into our Helpdesk application into permissioned off fields. In this day and age, Data Security in the Healthcare field is at DEFCON 5, I know from personal experience at Providence. We are about to implement workflow to log when a User accesses the Permissioned data on a form, i.e.. could have looked at a diary and attachment field. We know what to do inside the ARS environment to log this, but the question came up about a User going through Crystal Reports. Is there are way to identify a User could have viewed the Permissioned data through Crystal and then fire workflow that we could then update a Audit form like we do with workflow. Or is this data available else where that we could at least view and store for future auditing purposes. Thanks, Ron Smith Web/Remedy System Developer Providence Health System [EMAIL PROTECTED] 503-216-7866 DISCLAIMER: This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. __20060125_______________________This posting was submitted with HTML in it___ -- Patrick Zandi __20060125_______________________This posting was submitted with HTML in it___ 8:00? 8:25? 8:40? Find a flick in no time with theYahoo! Search movie showtime shortcut. __20060125_______________________This posting was submitted with HTML in it___ -- Patrick Zandi -- Patrick Zandi __20060125_______________________This posting was submitted with HTML in it___ ____________________________________________________________________________________ Don't pick lemons. See all the new 2007 cars at Yahoo! Autos. http://autos.yahoo.com/new_cars.html _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
