SYSAUDITPOLICIES catalog table

The SYSAUDITPOLICIES table contains one row for each audit policy. The schema is SYSIBM.

A user with SECADM authority has the privilege to select from, insert, update, or delete from the SYSAUDITPOLICIES catalog table. A user with SQLADM, system DBADM, DATAACCESS, ACCESSCTRL, SYSCTRL or SYSADM authority has the privilege to select from this catalog table.

If a view is created on this catalog table, the DATAACCESS authority can perform insert, update, and delete on the view to indirectly insert, update, and delete on the catalog table.

Start of change FL 505 SYSIBM.SYSAUDITPOLICIES has an associated history table, SYSIBM.SYSAUDITPOLICIES_H, which provides temporal versioning of the catalog table. Both tables contain the same columns, with the same data types. The temporal relationship must be enabled before the history table can be used. Rows in the history table can be deleted by using the REORG TABLESPACE DISCARD option. For information about enabling the temporal relationship, see Temporal versioning for Db2 security-related catalog tables. End of change

Table 1. SYSIBM.SYSAUDITPOLICIES table column descriptions
Column name	Data type	Description	Use
AUDITPOLICYNAME	VARCHAR(128) NOT NULL	Name of the audit policy. The name must be an identifier of 1 to 128 characters and must begin with a letter. Any other values result in an error being returned when audit policy is started.	G
OBJECTSCHEMA	VARCHAR(128) NOT NULL WITH DEFAULT	Schema of the audited object. The object schema only applies to categories, OBJMAINT and EXECUTE.	G
OBJECTNAME	VARCHAR(128) NOT NULL WITH DEFAULT	Name of the object. The object name only applies to categories, OBJMAINT and EXECUTE. Object name can be specified using an SQL LIKE predicate. If the object name is specified using an SQL LIKE predicate, it has to be specified as a delimited identifier. The escape character to be used for the SQL LIKE predicate is obtained from RGFESCP subsystem parameter. If not specified, the default escape character is '+'.	G
OBJECTTYPE	CHAR(1) NOT NULL WITH DEFAULT	Type of the object. C Clone table P Implicit table created for XML columns T Table blank All of the above object types All other values Error when audit policy is started The object type only applies to categories, OBJMAINT and EXECUTE	G
CREATEDTS	TIMESTAMP NOT NULL WITH DEFAULT	The time when the row was inserted.	G
ALTEREDTS	TIMESTAMP NOT NULL WITH DEFAULT	The time when the row was last updated.	G
CHECKING	CHAR(1) NOT NULL WITH DEFAULT	Indicates if authorization and authentication failures are audited: A Audit all failures (Authorization and authentication failures) blank Audit none All other values Error when audit policy is started	G
VALIDATE	CHAR(1) NOT NULL WITH DEFAULT	Indicates if auditing is enabled for when a trusted connection is established or used by a different user: A Audit all blank Audit none All other values Error when audit policy is started	G
OBJMAINT	CHAR(1) NOT NULL WITH DEFAULT	Indicates if auditing is enabled for when the table that is identified by OBJECTSCHEMA, OBJECTNAME, and OBJECTTYPE columns is altered or dropped: A Audit when the specified table is altered or dropped blank Audit none All other values Error when audit policy is started	G
EXECUTE	CHAR(1) NOT NULL WITH DEFAULT	Indicates the type of auditing that is performed. Auditing is done for every unique operation on a table by an SQL statement with a unique statement ID. The table on which the SQL statement operates is identified by the OBJECTSCHEMA, OBJECTNAME, and OBJECTTYPE columns. A Audit when an operation of any kind is performed on the table during a utility or application process. C Audit when an insert, update, or delete operation is performed on the table during a utility or application process. blank No auditing is done. All other values An error occurs when the audit policy is started.	G
CONTEXT	CHAR(1) NOT NULL WITH DEFAULT	Indicates if auditing is enabled for the start of a utility, a change to a utility object or phase, and the end of utility: A Audit all utilities blank Audit none All other values Error when audit policy is started	G
SECMAINT	CHAR(1) NOT NULL WITH DEFAULT	Indicates if auditing is enabled for when a grant or revoke is made or a trusted context is created or altered: A Audit all blank Audit none All other values Error when audit policy is started	G
SYSADMIN	VARCHAR(128) NOT NULL WITH DEFAULT	Indicates if auditing is enabled for when an operation is performed using an administrative authority to perform system administration tasks: blank Audit none * Audit all the authorities I Installation SYSADM L SYSCTRL O SYSOPR R Installation SYSOPR S SYSADM All other values Error when audit policy is started The value of SYSADMIN can be a concatenated string of all supported values. For example, 'LOS' would indicate auditing of any operation that is performed using the administrative authorities: SYSCTRL, SYSOPR, and SYSADM. Multiple occurrences of a value are ignored.	G
DBADMIN	VARCHAR(128) NOT NULL WITH DEFAULT	Indicates if auditing is enabled for when an operation is performed using an administrative authority to perform database administration tasks: blank Audit none * Audit all the authorities B System DBADM C DBCTRL D DBADM E SECADM G ACCESSCTRL K SQLADM M DBMAINT P PACKADM T DATAACCESS All other values Error when audit policy is started The value of DBADMIN can be a concatenated string of all supported values. For example, 'BMP' would indicate auditing of any operation that is performed using the administrative authorities: System DBADM, DBMAINT, and PACKADM. Multiple occurrences of a value are ignored.	G
DBNAME	VARCHAR(24) NOT NULL WITH DEFAULT	Database name. The database name can be used to specify the database for auditing DBADM, DBCTRL, and DBMAINT authorities. If the database name is not specified, then all the databases, including implicit databases are audited. If the database name is specified, it only applies to DBADM, DBCTRL, and DBMAINT authorities in category, DBADMIN.	G
COLLID	VARCHAR(128) NOT NULL WITH DEFAULT	Name of the package collection. The package collection can be used to specify the collection name for auditing PACKADM authority. If specified, all packages in that collection are audited. If the collection name is not specified, packages in all collections are audited. If the package collection is specified, it only applies to PACKADM authority in category, DBADMIN.	G
DB2START	CHAR(1) NOT NULL WITH DEFAULT	Indicates if audit policies are to be started automatically during Db2 start up. Up to 8 audit policies can be specified. Y Audit policy will be started automatically during Db2 startup. S Audit policy will be started automatically during Db2 startup. The audit policy can be stopped only by a user with SECADM authority. T Audit policy will be started automatically during Db2 startup. The audit policy can be modified or stopped only by a user with the required permit to the audit policy profile in an external security product, such as RACF®. N Audit policy will not be started automatically during Db2 startup. All other values Error when audit policy is started	G
IBMREQD	CHAR(1) NOT NULL	A value of Y indicates that the row was provided with the Db2 product code. For all other values, see Release dependency indicators. The value in this field is not a reliable indicator of release dependencies.	G
SYS_START	TIMESTAMP(12) NOT NULL GENERATED ALWAYS AS ROW BEGIN	FL 505 The row-begin column of the SYSTEM_TIME period, for system-period data versioning.	G
SYS_END	TIMESTAMP(12) NOT NULL GENERATED ALWAYS AS ROW END	FL 505 The row-end column of the SYSTEM_TIME period, for system-period data versioning.	G
TRANS_START	TIMESTAMP(12) NOT NULL GENERATED ALWAYS AS TRANSACTION START ID	FL 505 The transaction-start-ID column, for system-period data versioning.	G
FL 505 GEN_SESSION_USER	VARCHAR(128) GENERATED ALWAYS AS (SESSION_USER)	The value of the SESSION_USER special register. This column contains a null value when the value is unknown for the existing rows prior to catalog level V13R1M505.	G