AUDIT_JOURNAL_CP table function
The AUDIT_JOURNAL_CP table function returns rows from the audit journal that contain information from the CP (User Profile Changes) journal entries.
Every audit journal table function shares a common authorization requirement and a common set of parameters. These are described in AUDIT JOURNAL table function common information.
The result of the function is a table containing rows with the format shown in the following table. All the columns are nullable.
Column Name | Data Type | Description |
---|---|---|
The first columns returned by this table function are from the common audit journal entry header. See Common columns returned from the audit journal entry header for the column definitions. After the common columns are the following columns that describe the entry specific data for the CP audit journal entry. | ||
ENTRY_TYPE | CHAR(1) | The type of entry.
|
ENTRY_TYPE_DETAIL | VARCHAR(200) | Descriptive text that corresponds to the entry type. |
USER_PROFILE | VARCHAR(10) | The user profile that was changed. |
COMMAND_TYPE | CHAR(3) | The type of command used.
|
STATUS | VARCHAR(9) | User profile status.
Contains the null value if the value was not changed. |
PASSWORD_CHANGED | VARCHAR(3) | Whether the password changed.
Contains the null value if the value was not changed. |
NO_PASSWORD_INDICATOR | VARCHAR(3) | Whether the password is *NONE.
Contains the null value if the value was not changed. |
PASSWORD_EXPIRED | VARCHAR(4) | Whether the password is expired.
Contains the null value if the value was not changed. |
LOCAL_PASSWORD_MANAGEMENT | VARCHAR(4) | Specifies whether the user profile password should
be managed locally.
Contains the null value if the value was not changed. |
PASSWORD_CONFORMANCE | VARCHAR(8) | Indicates whether the new password conforms to the
password composition rules.
Contains the null value if PASSWORD_CHANGED is not YES. |
BLOCK_PASSWORD_CHANGE | VARCHAR(7) | Specifies the value that the block password change
has been changed to.
Contains the null value if the value was not changed. |
PASSWORD_EXPIRATION_INTERVAL | VARCHAR(7) | Specifies the value that the password expiration
interval has been changed to.
Contains the null value if the value was not changed. |
USER_EXPIRATION_DATE | VARCHAR(10) | Specifies the date when the user profile expires.
The user profile is automatically disabled or deleted on this date. Can contain the special value
*NONE to indicate the user profile does not expire. Contains the null value if the value was not changed. |
USER_EXPIRATION_ACTION | CHAR(3) | The action performed on the profile when it expires.
This value is always DSB when using the CRTUSRPRF and CHGUSRPRF commands. When using the CHGEXPSCDE
command, this value is one of the following values.
Contains the null value if the value was not changed. |
OWNED_OBJECT_OPTION | VARCHAR(7) | The type of operation performed on the objects owned
by the expiring profile. The owned object option value is specified on the OWNOBJOPT parameter of
the CHGEXPSCDE ACTION(*DELETE) command.
Contains the null value if USER_EXPIRATION_ACTION is not DLT or if the value was not changed. |
OWNED_OBJECT_OPTION_NEW_OWNER | VARCHAR(10) | The profile that will own all of the objects owned
by the expiring profile. Contains the null value if OWNED_OBJECT_OPTION is not *CHGOWN or if the value was not changed. |
PRIMARY_GROUP_OPTION | VARCHAR(7) | The type of operation performed on the objects that
have the expiring user profile as their primary group. The primary group option value is specified
on the PGPOPT parameter of the CHGEXPSCDE ACTION(*DELETE) command.
Contains the null value if USER_EXPIRATION_ACTION is not DLT or if the value was not changed. |
NEW_PRIMARY_GROUP | VARCHAR(10) | The profile that will become the new primary group
of the objects for which the expiring profile is the primary group. Can contain the following
special value:
Contains the null value when PRIMARY_GROUP_OPTION is not *CHGPGP or if the value was not changed. |
NEW_PRIMARY_GROUP_AUTHORITY | VARCHAR(8) | The authority the new primary group has to the
object.
Contains the null value when PRIMARY_GROUP_OPTION is not *CHGPGP or NEW_PRIMARY_GROUP is *NONE or if the value was not changed. |
USER_CLASS_NAME | VARCHAR(7) | The user class of the user.
Contains the null value if the value was not changed. |
SPECIAL_AUTHORITIES | VARCHAR(72) | Current® list of special authorities. This is a single string containing the list of special authorities separated by one blank. Contains the null value if the value was not changed. |
ALLOBJ | VARCHAR(3) | Current *ALLOBJ special authority
Contains the null value if the value was not changed. |
JOBCTL | VARCHAR(3) | Current *JOBCTL special authority
Contains the null value if the value was not changed. |
SAVSYS | VARCHAR(3) | Current *SAVSYS special authority
Contains the null value if the value was not changed. |
SECADM | VARCHAR(3) | Current *SECADM special authority
Contains the null value if the value was not changed. |
SPLCTL | VARCHAR(3) | Current *SPLCTL special authority
Contains the null value if the value was not changed. |
SERVICE | VARCHAR(3) | Current *SERVICE special authority
Contains the null value if the value was not changed. |
AUDIT | VARCHAR(3) | Current *AUDIT special authority
Contains the null value if the value was not changed. |
IOSYSCFG | VARCHAR(3) | Current *IOSYSCFG special authority
Contains the null value if the value was not changed. |
PREVIOUS_SPECIAL_AUTHORITIES | VARCHAR(72) | Previous list of special authorities. This is a
single string containing the list of special authorities separated by one blank. Contains the null value if the value was not changed. |
PREVIOUS_ALLOBJ | VARCHAR(3) | Previous *ALLOBJ special authority
Contains the null value if the value was not changed. |
PREVIOUS_JOBCTL | VARCHAR(3) | Previous *JOBCTL special authority
Contains the null value if the value was not changed. |
PREVIOUS_SAVSYS | VARCHAR(3) | Previous *SAVSYS special authority
Contains the null value if the value was not changed. |
PREVIOUS_SECADM | VARCHAR(3) | Previous *SECADM special authority
Contains the null value if the value was not changed. |
PREVIOUS_SPLCTL | VARCHAR(3) | Previous *SPLCTL special authority
Contains the null value if the value was not changed. |
PREVIOUS_SERVICE | VARCHAR(3) | Previous *SERVICE special authority
Contains the null value if the value was not changed. |
PREVIOUS_AUDIT | VARCHAR(3) | Previous *AUDIT special authority
Contains the null value if the value was not changed. |
PREVIOUS_IOSYSCFG | VARCHAR(3) | Previous *IOSYSCFG special authority
Contains the null value if the value was not changed. |
GROUP_PROFILE_NAME | VARCHAR(10) | The user's group profile. Can contain the special
value *NONE to indicate the user is not a member of any group profiles. Contains the null value if the value was not changed. |
GROUP_OWNER | VARCHAR(7) | Owner of objects created as a member of a group profile.
Contains the null value if the value was not changed. |
GROUP_AUTHORITY | VARCHAR(8) | The authority the user's group profile has to
objects the user creates.
Contains the null value if the value was not changed. |
GROUP_AUTHORITY_TYPE | VARCHAR(8) | The value of the group authority type parameter.
Contains the null value if the value was not changed. |
SUPPLEMENTAL_GROUP_LIST | VARCHAR(150) | The names of up to 15 supplemental group profiles
for the user. Can contain the special value *NONE to indicate the user has no supplemental groups.
Each entry except for the last one is padded with blanks to fill 10 characters. Contains the null value if the value was not changed. |
INITIAL_PROGRAM_LIBRARY | VARCHAR(10) | The library where the initial program is found. Can
contain the special value *LIBL. Contains the null value if INITIAL_PROGRAM is *NONE or if the value was not changed. |
INITIAL_PROGRAM | VARCHAR(10) | The user's initial program. Can contain the special
value *NONE to indicate the user has no initial program. Contains the null value if the value was not changed. |
INITIAL_MENU_LIBRARY | VARCHAR(10) | The library where the initial menu is found. Can
contain the special value *LIBL. Contains the null value if INITIAL_MENU is *SIGNOFF or if the value was not changed. |
INITIAL_MENU | VARCHAR(10) | The user's initial menu. Can contain the special
value *SIGNOFF to indicate the user is limited to running the initial program specified for this
profile. Contains the null value if the value was not changed. |
CURRENT_LIBRARY_NAME | VARCHAR(10) | The user's current library. Can contain the special
value *CRTDFT to indicate the user has no current library. Contains the null value if the value was not changed. |
HOME_DIRECTORY | VARGRAPHIC(5000) CCSID 1200 | Path name of the home directory or the following
special value:
Contains the null value if the value was not changed. |
LOCALE_PATH_NAME | VARGRAPHIC(5000) CCSID 1200 | Path name of the locale or one of the following
special values:
Contains the null value if the value was not changed. |
LIMIT_CAPABILITIES | VARCHAR(8) | The value of limited capabilities parameter.
Contains the null value if the value was not changed. |
ASSISTANCE_LEVEL | VARCHAR(9) | The user interface that will be used.
Contains the null value if the value was not changed. |
USER_OPTIONS | VARCHAR(70) | The level of help information detail to be shown and
the default function of the Page Up and Page Down keys. This column can contain up to seven values,
each ten characters long.
Contains the null value if the value was not changed. |
SPECIAL_ENVIRONMENT | VARCHAR(7) | The special environment in which the user operates
after signing on.
Contains the null value if the value was not changed. |
DISPLAY_SIGNON_INFORMATION | VARCHAR(7) | Indicates if the sign-on information display is shown.
Contains the null value if the value was not changed. |
LIMIT_DEVICE_SESSIONS | VARCHAR(7) | The number of device sessions allowed for a user is
limited.
Contains the null value if the value was not changed. |
KEYBOARD_BUFFERING | VARCHAR(10) | The keyboard buffering value to be used when a job
is initialized for this user profile.
Contains the null value if the value was not changed. |
MAXIMUM_ALLOWED_STORAGE | BIGINT | The amount of auxiliary storage (in kilobytes)
assigned to store permanent objects owned by this user profile in the system auxiliary storage pool
(ASP) and on all the basic ASPs combined. In addition, this value also controls the maximum amount
of auxiliary storage that can be used to store permanent objects owned by this user profile on each
Independent ASP (IASP). A value of -1 indicates *NOMAX. Contains the null value if the value was not changed. |
PRIORITY_LIMIT | INTEGER | The value of the priority limit parameter. Values
are 0 to 9. Contains the null value if the value was not changed. |
JOB_DESCRIPTION_LIBRARY | VARCHAR(10) | The library where the job description is found. Can
contain the special value *LIBL. Contains the null value if the value was not changed. |
JOB_DESCRIPTION | VARCHAR(10) | The job description used for jobs that start through
subsystem work station entries whose job description parameter values indicate the user
JOBD(*USRPRF). Contains the null value if the value was not changed. |
ALTERNATE_SUBSYSTEM_NAME | VARCHAR(10) | The alternative subsystem that will be used for this
user, instead of the default subsystem, whenever a connection is initiated to the server job
specified in ALTERNATE_SERVER_JOB_NAME. Contains the null value when COMMAND_TYPE is not SQL or if the value was not changed. |
ALTERNATE_SERVER_JOB_NAME | VARCHAR(10) | When a connection to this server is initiated for
this user it will be routed to the subsystem specified in the ALTERNATIVE_SUBSYSTEM_NAME column. Can
contain the special value *ALL. To understand the Server Job Name mapping to server names and the default subsystem use, see Server table. Contains the null value when COMMAND_TYPE is not SQL or if the value was not changed. |
ACCOUNTING_CODE | VARCHAR(15) | The accounting code that is associated with this
user profile or the following special value:
Contains the null value if the value was not changed. |
MESSAGE_QUEUE_LIBRARY | VARCHAR(10) | The library where the message queue is found. Can
contain the special value *LIBL. Contains the null value if the value was not changed. |
MESSAGE_QUEUE | VARCHAR(10) | The message queue to which messages are sent or the
following special value:
Contains the null value if the value was not changed. |
MESSAGE_QUEUE_DELIVERY_METHOD | VARCHAR(7) | How messages sent to the message queue for this user
are to be delivered.
Contains the null value if the value was not changed. |
MESSAGE_QUEUE_SEVERITY | INTEGER | The lowest severity code that a message can have and
still be delivered to a user in break or notify mode. This is a value from 0 to 99. Contains the null value if the value was not changed. |
PRINT_DEVICE | VARCHAR(10) | The default printer device for this user or one of
the following special values:
Contains the null value if the value was not changed. |
OUTPUT_QUEUE_LIBRARY | VARCHAR(10) | The library where the output queue is found. Can
contain the special value *LIBL. Contains the null value if the value was not changed. |
OUTPUT_QUEUE | VARCHAR(10) | The output queue to be used by this user profile or
one of the following special values:
Contains the null value if the value was not changed. |
ATTENTION_KEY_HANDLING_ PROGRAM_LIBRARY
|
VARCHAR(10) | The library where the ATTN program is found. Can
contain the special value *LIBL. Contains the null value if the value was not changed. |
ATTENTION_KEY_HANDLING_PROGRAM | VARCHAR(10) | The program to be used as the Attention (ATTN) key
handling program for this user or one of the following special values:
Contains the null value if the value was not changed. |
SORT_SEQUENCE_TABLE_LIBRARY | VARCHAR(10) | The the library where the sort sequence table is
found. Can contain the special value *LIBL. Contains the null value if the value was not changed. |
SORT_SEQUENCE_TABLE | VARCHAR(10) | The sort sequence table to be used for string
comparisons for this user profile or one of the following special values:
Contains the null value if the value was not changed. |
LANGUAGE_ID | VARCHAR(7) | The language identifier to be used for this user
profile or the following special value:
Contains the null value if the value was not changed. |
COUNTRY_OR_REGION_ID | VARCHAR(7) | The country or region identifier to be used for this
user profile or the following special value:
Contains the null value if the value was not changed. |
CCSID | VARCHAR(7) | The coded character set identifier (CCSID) to be
used for this user profile.
Contains the null value if the value was not changed. |
CHARACTER_IDENTIFIER_CONTROL | VARCHAR(9) | The character identifier control (CHRIDCTL) for the job.
Contains the null value if the value was not changed. |
LOCALE_JOB_ATTRIBUTES | VARCHAR(60) | The job attributes that are to be taken from the
locale when the job is initiated. This column can contain up to six values, each ten characters long.
Contains the null value if the value was not changed. |
DOCUMENT_PASSWORD_CHANGED | VARCHAR(3) | Indicates if the document password has been changed.
Contains the null value if the value was not changed. |
DOCUMENT_PASSWORD_NONE | VARCHAR(3) | Indicates if the document password is *NONE.
Contains the null value if the value was not changed. |
EIM_ID | VARCHAR(128) | Enterprise Identity Mapping (EIM) identifier name or
the following special value:
Contains the null value if no EIM values were changed. |
EIM_ASSOCIATION_TYPE | VARCHAR(7) | EIM association type.
Contains the null value if no EIM values were changed. |
EIM_ASSOCIATION_ACTION | VARCHAR(8) | EIM association action.
Contains the null value if no EIM values were changed. |
CREATE_EIM_ID | VARCHAR(11) | Indicates whether the EIM identifier should be
created if it does not exist.
Contains the null value if no EIM values were changed. |
USER_ID_NUMBER | VARCHAR(10) | The UID for the user. Can contain the special value
*GEN to indicate the uid number is generated for the user. Contains the null value if the value was not changed. |
GROUP_ID_NUMBER | VARCHAR(10) | The GID for the user. Can contain the special values
*GEN to indicate the gid number is generated for the user or *NONE to indicate the user profile does
not have a group profile. Contains the null value if the value was not changed. |
Example
- List any user profiles that were created in the last 6 months.
SELECT USER_PROFILE FROM TABLE( SYSTOOLS.AUDIT_JOURNAL_CP( STARTING_TIMESTAMP => CURRENT TIMESTAMP - 6 MONTHS ) ) WHERE COMMAND_TYPE = 'CRT';