Customizing an audit policy in Db2 audit facility

Important: IBM Cloud Pak® for Data Version 4.8 will reach end of support (EOS) on 31 July, 2025. For more information, see the Discontinuance of service announcement for IBM Cloud Pak for Data Version 4.X.

Upgrade to IBM Software Hub Version 5.1 before IBM Cloud Pak for Data Version 4.8 reaches end of support. For more information, see Upgrading from IBM Cloud Pak for Data Version 4.8 to IBM Software Hub Version 5.1.

You can customize default Db2 audit facility configurations.

About this task

Audit logging is enabled by default with a pre-defined audit policy that is applied to the user group ALL USERS and functional users. If you are an authorized user, you can customize the built-in audit policy to ensure that it meets your organizational needs in the following ways:
  • Start and stop recording auditable events within the Watson Query instance.

  • Create an audit policy to identify which events you want monitored and recorded during the audit process.

  • Apply an audit policy to a user group to track activity in groups whose activities carry different levels of risk.

  • View all the audit policies that have been created and those that are in use, to determine whether the coverage meets your needs.

Procedure

Refer to the following tasks to customize an audit policy:

Create a policy
Run the following example command to create an audit policy that covers most events in Watson Query:

    CREATE AUDIT POLICY ${NAME_OF_POLICY} CATEGORIES OBJMAINT STATUS BOTH, VALIDATE STATUS BOTH, CHECKING STATUS BOTH, SECMAINT STATUS BOTH, EXECUTE WITHOUT DATA STATUS BOTH, CONTEXT STATUS BOTH, AUDIT STATUS BOTH ERROR TYPE NORMAL;

Apply a policy to a user group
Run the following command to apply a policy to a user group:

    AUDIT GROUP ${USER_GROUP} USING POLICY ${NAME_OF_POLICY};

View all audit policies created
Run the following command to view all the policies that have been created:

    select * from SYSCAT.AUDITPOLICIES;

View all current audit policies in use
Run the following command to view all the policies that are currently in use:

    select * from SYSCAT.AUDITUSE;

Remove a policy from a user group
Run the following command to remove a policy from a user group:

    AUDIT GROUP ${NAME_OF_GROUP} REMOVE POLICY;
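
The tasks above carried through as one worked script, added here as an illustration and not taken from the IBM documentation: it creates a policy for a privileged group, applies it, and then joins the two catalog views to check coverage. The names PRIV_USERS_POLICY and DBADMIN_GRP are hypothetical; the column names are those of the Db2 SYSCAT.AUDITPOLICIES and SYSCAT.AUDITUSE catalog views and should be confirmed against your release.

```sql
-- Added example. PRIV_USERS_POLICY and DBADMIN_GRP are hypothetical names.

-- 1. Create a policy using the same categories as the command on this page.
--    EXECUTE WITHOUT DATA records the statement text but not the input data
--    values, which keeps sensitive parameter values out of the audit log.
CREATE AUDIT POLICY PRIV_USERS_POLICY
  CATEGORIES OBJMAINT STATUS BOTH,
             VALIDATE STATUS BOTH,
             CHECKING STATUS BOTH,
             SECMAINT STATUS BOTH,
             EXECUTE WITHOUT DATA STATUS BOTH,
             CONTEXT  STATUS BOTH,
             AUDIT    STATUS BOTH
  ERROR TYPE NORMAL;

-- 2. Apply it to the higher-risk group.
AUDIT GROUP DBADMIN_GRP USING POLICY PRIV_USERS_POLICY;

-- 3. Coverage check: which objects are audited, under which policy, and
--    what each category records.
--    Status codes: B = both, S = success only, F = failure only, N = none.
SELECT u.OBJECTNAME      AS AUDITED_OBJECT,
       u.OBJECTTYPE,
       u.SUBOBJECTTYPE,
       p.AUDITPOLICYNAME,
       p.AUDITSTATUS,
       p.CHECKINGSTATUS,
       p.CONTEXTSTATUS,
       p.EXECUTESTATUS,
       p.EXECUTEWITHDATA,
       p.OBJMAINTSTATUS,
       p.SECMAINTSTATUS,
       p.SYSADMINSTATUS,
       p.VALIDATESTATUS,
       p.ERRORTYPE
FROM   SYSCAT.AUDITUSE u
JOIN   SYSCAT.AUDITPOLICIES p
       ON p.AUDITPOLICYID = u.AUDITPOLICYID
ORDER  BY u.OBJECTNAME;

-- 4. Gap check: policies that exist but are not applied to anything,
--    for example after a REMOVE POLICY that was never followed up.
SELECT p.AUDITPOLICYNAME, p.CREATE_TIME
FROM   SYSCAT.AUDITPOLICIES p
LEFT JOIN SYSCAT.AUDITUSE u
       ON u.AUDITPOLICYID = p.AUDITPOLICYID
WHERE  u.AUDITPOLICYID IS NULL;
```

A category that shows N in step 3, such as SYSADMINSTATUS for a policy built from the command on this page, records no events for that object, so review those columns before you treat a group as covered.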