Customizing an audit policy in Db2 audit facility
Upgrade to IBM Software Hub Version 5.1 before IBM Cloud Pak for Data Version 4.8 reaches end of support. For more information, see Upgrading from IBM Cloud Pak for Data Version 4.8 to IBM Software Hub Version 5.1.
You can customize default Db2 audit facility configurations.
About this task
-
Start and stop recording auditable events within the Watson Query instance.
-
Create an audit policy to identify which events you want monitored and recorded during the audit process.
-
Apply an audit policy to a user group to track activities among user groups with varying levels of risk that is associated with the group’s activities.
-
View all the audit policies created, and that are in use to determine whether the coverage meets your needs.
Procedure
Refer to the following tasks to customize an audit policy:
- Create a policy
- Run the following example command to create an audit policy that covers most events in Watson
Query:
CREATE AUDIT POLICY ${NAME_OF_POLICY} CATEGORIES OBJMAINT STATUS BOTH, VALIDATE STATUS BOTH, CHECKING STATUS BOTH, SECMAINT STATUS BOTH, EXECUTE WITHOUT DATA STATUS BOTH, CONTEXT STATUS BOTH, AUDIT STATUS BOTH ERROR TYPE NORMAL;
- Apply a policy to a user group
- Run the following command to apply a policy to a user group:
AUDIT GROUP ${USER_GROUP} USING POLICY ${NAME_OF_POLICY};
- View all audit policies created
- Run the following command to view all the policies that have been created:
select * from SYSCAT.AUDITPOLICIES;
- View all current audit policies in use
- Run the following command to view all the policies that have been created:
select * from SYSCAT.AUDITUSE;
- Remove a policy from a user group
- Run the following command to remove a policy from a user group:
AUDIT GROUP ${NAME_OF_GROUP} REMOVE POLICY;