Access to the audit trail
Standard users must not be able to view or alter audit files. The audit trail (that is, the audit files) must be accessed only with the onshowaudit utility, which has its own protection, as follows:
- With role separation on, only an AAO can run onshowaudit.
- With role separation off on UNIX™, only user onedb, a member of the onedb group, or user root can run onshowaudit.
- With role separation off on Windows™, only user onedb can run onshowaudit.