Some database applications are designed to use or share a small number of database user accounts. These applications manage their users independently of the database management system, which means that when observing database traffic from outside of the application, it can be difficult to determine the application user who is controlling a database connection at any given point in time. However, when questionable database activities occur, you need to relate specific actions to specific individuals, rather than to an account shared by groups of individuals. In other words, you must know the application user, not just the database user.
Guardium provides several methods to identify application users, when the actual database user is not apparent from the database traffic:
Identify Users via Application User Translation - For some of the most popular commercial applications (Oracle EBS, PeopleSoft, SAP, etc.), Guardium can identify users automatically.
Identify Users via API - The Application Events API allows you to signal Guardium when an application user takes or relinquishes control of a connection, or when any other event of interest occurs. (This can be used for more than just identifying users.)
Identify Users via Stored Procedures - Many applications use database stored procedures to identify the application user. In these cases, user information can usually be extracted from the stored procedure parameters.
Within the enterprise, it may be necessary to employ several methods to identify users, depending on the applications used.