December 13, 2011

DB2 10 Audit Policy

The DB2 trace facility provides a method to collect monitoring, auditing and performance information about your data, application and system. DB2 10 introduces the capability to define an audit policy to generate trace records based on an audit category.

DB2 audit policies are defined by inserting rows into the SYSIBM.SYSAUDITPOLICIES table. Each policy is specific to one of these categories:

CHECKING: Logs denied access attempts (authorization failures) as well as external security authentication failures.

VALIDATE: Logs instances when a trusted connection is established or when a new user switches onto an existing trusted connection.

OBJMAINT: Logs instances when a table is altered or dropped. This includes clone tables and the tables implicitly created for XML columns.

EXECUTE: Logs instances when the given object (identified by schema, name and type) is accessed during the first operation performed by each unit of work. Also records bind-time information about SQL statements that reference tables identified by object schema, name and type.

CONTEXT: Audits all utilities.

SECMAINT: Audits GRANT, REVOKE, CREATE TRUSTED CONTEXT and ALTER TRUSTED CONTEXT.

SYSADMIN: Logs instances of operations being performed using an administrative authority (install SYSADM, SYSADM and SYSCTRL; install SYSOPR and SYSOPR) to perform system administration tasks.

DBADMIN: Logs instances of operations being performed using an administrative authority (system DBADM, DBADM, DBCTRL, SECADM, ACCESSCTRL, SQLADM, DBMAINT, PACKADM and DATAACCESS) to perform database administration tasks.

Once a policy is defined in SYSIBM.SYSAUDITPOLICIES, it is activated by issuing the START TRACE command for the AUDIT trace type with the policy parameter AUDTPLCY(policyname). To learn more about audit policies and see examples, see the DB2 10 for z/OS Administration Guide.
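As an added illustration (not taken from this post or from the Administration Guide), the statements below define two policies and activate them. The column names (AUDITPOLICYNAME, the per-category columns, OBJECTSCHEMA, OBJECTNAME, OBJECTTYPE), the value codes ('A' to audit a category, 'T' for a table object, 'S' for SYSADM authority) and the policy and table names are assumptions taken from the DB2 10 catalog reference and should be checked against your own SYSIBM.SYSAUDITPOLICIES definition before use.

```sql
-- Policy 1: EXECUTE-category audit of one sensitive table.
-- Records the first access to HR.SALARY in each unit of work
-- plus bind-time information for statements that reference it.
-- (Assumed column names and codes; verify against the catalog.)
INSERT INTO SYSIBM.SYSAUDITPOLICIES
       (AUDITPOLICYNAME, OBJECTSCHEMA, OBJECTNAME, OBJECTTYPE, EXECUTE)
VALUES ('SALARY_ACCESS', 'HR', 'SALARY', 'T', 'A');

-- Policy 2: privilege-oriented audit. CHECKING captures denied
-- access and authentication failures, SECMAINT captures GRANT,
-- REVOKE and trusted-context changes, and SYSADMIN records work
-- done under SYSADM authority ('S' is the assumed code for SYSADM).
INSERT INTO SYSIBM.SYSAUDITPOLICIES
       (AUDITPOLICYNAME, CHECKING, SECMAINT, SYSADMIN)
VALUES ('PRIV_WATCH', 'A', 'A', 'S');

-- Confirm what was stored before activating anything.
SELECT AUDITPOLICYNAME, CHECKING, SECMAINT, SYSADMIN,
       EXECUTE, OBJECTSCHEMA, OBJECTNAME, OBJECTTYPE
  FROM SYSIBM.SYSAUDITPOLICIES
 WHERE AUDITPOLICYNAME IN ('SALARY_ACCESS', 'PRIV_WATCH');

-- Activation is a DB2 command, not SQL; issue it from the console
-- or a command-entry interface. Both policies start on one trace,
-- writing audit records to GTF (DEST is assumed; SMF is also common).
-- -START TRACE(AUDIT) DEST(GTF) AUDTPLCY(SALARY_ACCESS,PRIV_WATCH)

-- Stop the policy-driven audit trace when it is no longer needed.
-- -STOP TRACE(AUDIT) AUDTPLCY(SALARY_ACCESS,PRIV_WATCH)
```

Rows in SYSIBM.SYSAUDITPOLICIES have no effect until the trace is started, and the trace stops at DB2 restart, so treat the START TRACE command as part of your startup procedures if the audit must be continuous.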