Auditing

 

DB2® UDB for iSeries™ is designed to comply with the U.S. government C2 security level. A key feature of the C2 level is the ability to perform auditing on the system.

DB2 UDB for iSeries uses the audit facilities managed by the system security function. Auditing can be performed on an object level, user, or system level. The system value QAUDCTL controls whether auditing is performed at the object or user level. The Change User Audit (CHGUSRAUD) command and Change Object Audit (CHGOBJAUD) command specify which users and objects are audited. The system value QAUDLVL controls what types of actions are audited (for example, authorization failures, creates, deletes, grants, revokes, and so on.)

DB2 UDB for iSeries can also audit row changes through the DB2 UDB for iSeries journal support.

In some cases, entries in the auditing journal will not be in the same order as they occured. For example, a job that is running under commitment control deletes a table, creates a new table with the same name as the one that was deleted, then does a commit. This will be recorded in the auditing journal as a create followed by a delete. This is because objects that are created are journaled immediately. An object that is deleted under commitment control is hidden and not actually deleted until a commit is done. Once the commit is done, the action is journaled.

 

Parent topic:

Security for SQL objects

 

Related reference

Security Reference PDF