Customizing an audit policy in Db2 audit facility for Data Virtualization
You can customize default Db2 audit facility configurations for Data Virtualization.
About this task
Audit logging is enabled by default with a pre-defined audit policy
that is applied to the user group ALL USERS and functional users. If you are an authorized user, you
can customize the built-in audit policy to ensure that it meets your organizational needs in the
following ways:
-
Start and stop recording auditable events within the Data Virtualization instance.
-
Create an audit policy to identify which events you want monitored and recorded during the audit process.
-
Apply an audit policy to a user group to track activities among user groups with varying levels of risk that is associated with the group’s activities.
-
View all the audit policies created, and that are in use to determine whether the coverage meets your needs.
Procedure
Refer to the following tasks to customize an audit policy:
- View all current audit policies in use
- Run the following command to view all the policies that have been created:
select * from SYSCAT.AUDITUSE;
- Alter an existing audit policy
-
Refer to the Db2 ALTER AUDIT POLICY statement to enable or disable categories for an audit policy.
- View all audit policies created
- Run the following command to view all the policies that have been created:
select * from SYSCAT.AUDITPOLICIES;
- Create a policy
- Run the following example command to create an audit policy that covers most events in Data
Virtualization:
CREATE AUDIT POLICY ${NAME_OF_POLICY} CATEGORIES OBJMAINT STATUS BOTH, VALIDATE STATUS BOTH, CHECKING STATUS BOTH, SECMAINT STATUS BOTH, EXECUTE WITHOUT DATA STATUS BOTH, CONTEXT STATUS BOTH, AUDIT STATUS BOTH ERROR TYPE NORMAL;
- Apply a policy to a user group
- Run the following command to apply a policy to a user group:
AUDIT GROUP ${USER_GROUP} USING POLICY ${NAME_OF_POLICY};
- Remove a policy from a user group
- Run the following command to remove a policy from a user group:
AUDIT GROUP ${NAME_OF_GROUP} REMOVE POLICY;