DB2 audit trace
The audit trace enables you to trace different events or categories of events by authorization IDs, object ownership, and so on.
When started, the audit trace records certain types of actions and sends the report to a named destination. The trace reports can indicate who has accessed data.
As with other types of DB2® traces, you can choose the following options for the audit trace:
- Categories of events
- Particular authorization IDs or plan IDs
- Methods to start and stop the audit trace
- Destinations for audit records
You can choose whether to audit the activity on a table by specifying an option of the CREATE and ALTER statements.
Audit trace classes
Class | Description of class | Activated IFCIDs |
---|---|---|
1 | Access attempts denied due to inadequate authorization. This default class is also activated when you omit the CLASS keyword from the START TRACE command when you start the audit trace. | 0140 |
2 | Explicit GRANT and REVOKE. | 0141 |
3 | CREATE, ALTER, and DROP operations against audited tables. | 0142 |
4 | First change of audited object. | 0143 |
5 | First read of audited object. | 0144 |
6 | Bind time information about SQL statements that involve audited objects. | 0145 |
7 | Assignment or change of authorization ID. | 0055, 0083, 0087, 0169, 0319 |
8 | Utilities. | 0023, 0024, 0025, 0219, 0220 |
9 | Installation-defined audit record. | 146 |
10 | Trusted context information. | 0269, 0270 |
11 | Audits of successful access. | 0361 |
12 - 29 | Reserved. | |
30 - 32 | Available for local use. | |
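
The options above combined into one sequence, as an added example that is not taken from the DB2 documentation: a table is marked as audited, the audit trace is started for selected classes (optionally narrowed to one authorization ID), and the trace is later stopped. The table name PAYROLL.EMP_SALARY and the authorization ID PAYADM1 are hypothetical; the DB2 commands appear as comments because they are entered from the console or a DSN session, not run as SQL.

```sql
-- Added example; PAYROLL.EMP_SALARY and PAYADM1 are hypothetical names.

-- 1. Mark the table as audited. Classes 3, 4, 5 and 6 report only on
--    audited tables or objects, so starting the trace alone records
--    nothing for a table that is still AUDIT NONE.
--      AUDIT CHANGES : changes are audited (class 4)
--      AUDIT ALL     : reads are audited as well (classes 4 and 5)
ALTER TABLE PAYROLL.EMP_SALARY AUDIT ALL;

-- 2. Confirm the attribute in the catalog.
--    AUDITING = 'A' (ALL), 'C' (CHANGES) or blank (NONE).
SELECT CREATOR, NAME, AUDITING
  FROM SYSIBM.SYSTABLES
 WHERE CREATOR = 'PAYROLL'
   AND NAME    = 'EMP_SALARY';

-- 3. Start the audit trace (DB2 command, not SQL).
--    Denied access, GRANT/REVOKE, DDL on audited tables, first change
--    and first read, written to SMF:
--
--      -START TRACE(AUDIT) CLASS(1,2,3,4,5) DEST(SMF)
--
--    The same classes narrowed to one authorization ID. Activity by
--    any other ID is then not recorded by this trace:
--
--      -START TRACE(AUDIT) CLASS(1,2,3,4,5) DEST(SMF) AUTHID(PAYADM1)
--
--    With the CLASS keyword omitted, only class 1 (denied access
--    attempts) is activated:
--
--      -START TRACE(AUDIT) DEST(SMF)

-- 4. Check which audit traces are active, then stop the one started
--    in step 3 by naming the same classes.
--
--      -DISPLAY TRACE(AUDIT)
--      -STOP TRACE(AUDIT) CLASS(1,2,3,4,5)
```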