Auditing is typically used to:
Enable future accountability for current actions taken in a particular schema, table, or row, or affecting specific content
Deter users (or others) from inappropriate actions based on that accountability
Investigate suspicious activity
For example, if some user is deleting data from tables, then the security administrator might decide to audit all connections to the database and all successful and unsuccessful deletions of rows from all tables in the database.
Notify an auditor that an unauthorized user is manipulating or deleting data and that the user has more privileges than expected which can lead to reassessing user authorizations
Monitor and gather data about specific database activities
For example, the database administrator can gather statistics about which tables are being updated, how many logical I/Os are performed, or how many concurrent users connect at peak times.
Detect problems with an authorization or access control implementation
Auditing mechanism is needed from SDE side since all sessions are hitting the DBMS (ORACLE,SQL SERVER, DB2,...etc) throught SDE managment, so its difficult to aduit from database side GIS Users conecting activities. the only way is to enable auditing from SDE side in relationship with database sessions. For example, in suitations when a geodatabase user is being locked, we can not trace the host machine that is causing this lock.
