Start of change

AUDIT_JOURNAL_CA table function

The AUDIT_JOURNAL_CA table function returns rows from the audit journal that contain information from the CA (Authority Changes) journal entries.

Every audit journal table function shares a common authorization requirement and a common set of parameters. These are described in AUDIT JOURNAL table function common information.

The result of the function is a table containing rows with the format shown in the following table. All the columns are nullable.

Table 1. AUDIT_JOURNAL_CA table function
Column Name Data Type Description
The first columns returned by this table function are from the common audit journal entry header. See Common columns returned from the audit journal entry header for the column definitions. After the common columns are the following columns that describe the entry specific data for the CA audit journal entry.
OBJECT_LIBRARY VARCHAR(10) The name of the library containing the object.

Contains the null value if there is no library name.

OBJECT_NAME VARCHAR(10) The name of the object.

Contains the null value if there is no object name.

OBJECT_TYPE VARCHAR(7) The type of the object.

Contains the null value if there is no object type.

OBJECT_ATTRIBUTE VARCHAR(10) The attribute for the object type.

Contains the null value if there is no object attribute.

OBJECT_ASP_NAME VARCHAR(10) The name of the auxiliary storage pool (ASP) in which OBJECT_NAME resides. A value of *SYSBAS indicates the system ASP and all basic user ASPs.
OBJECT_ASP_NUMBER INTEGER The number of the auxiliary storage pool to which storage for OBJECT_NAME is allocated.
FIELD_NAME VARCHAR(10) The system name of the column.

Contains the null value if the authority is not related to a column or the column name is not available.

COMMAND_TYPE VARCHAR(9) The type of command used.
GRANT
Grant
GRTUSRAUT
GRTUSRAUT operation
REPLACE
Grant with replace
REVOKE
Revoke
USER_PROFILE_NAME VARCHAR(10) The name of the user profile whose authority is being granted or revoked.

Contains the null value if a user profile is not being changed.

AUTHORIZATION_LIST_MANAGEMENT
VARCHAR(3) Indicates whether authorization list management (*AUTLMGT) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
OBJECT_EXCLUDE VARCHAR(3) Indicates whether exclude (*EXCLUDE) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
OBJECT_OPERATIONAL VARCHAR(3) Indicates whether object operational (*OBJOPR) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
OBJECT_MANAGEMENT VARCHAR(3) Indicates whether object management (*OBJMGT) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
OBJECT_EXISTENCE VARCHAR(3) Indicates whether object existence (*OBJEXIST) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
OBJECT_ALTER VARCHAR(3) Indicates whether object alter (*OBJALTER) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
OBJECT_REFERENCE VARCHAR(3) Indicates whether object reference (*OBJREF) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
DATA_READ VARCHAR(3) Indicates whether data read (*READ) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
DATA_ADD VARCHAR(3) Indicates whether data add (*ADD) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
DATA_UPDATE VARCHAR(3) Indicates whether data update (*UPD) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
DATA_DELETE VARCHAR(3) Indicates whether data delete (*DLT) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
DATA_EXECUTE VARCHAR(3) Indicates whether data execute (*EXECUTE) authority is granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
PREV_AUTHORIZATION_LIST_MANAGEMENT VARCHAR(3) Indicates whether the user previously had authorization list management (*AUTLMGT) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the AUTHORIZATION_LIST_MANAGEMENT column is NO.

PREV_OBJECT_EXCLUDE VARCHAR(3) Indicates whether the user previously had exclude (*EXCLUDE) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the OBJECT_EXCLUDE column is NO.

PREV_OBJECT_OPERATIONAL VARCHAR(3) Indicates whether the user previously had object operational (*OBJOPR) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the OBJECT_OPERATIONAL column is NO.

PREV_OBJECT_MANAGEMENT VARCHAR(3) Indicates whether the user previously had object management (*OBJMGT) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the OBJECT_MANAGEMENT column is NO.

PREV_OBJECT_EXISTENCE VARCHAR(3) Indicates whether the user previously had object existence (*OBJEXIST) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the OBJECT_EXISTENCE column is NO.

PREV_OBJECT_ALTER VARCHAR(3) Indicates whether the user previously had object alter (*OBJALTER) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the OBJECT_ALTER column is NO.

PREV_OBJECT_REFERENCE VARCHAR(3) Indicates whether the user previously had object reference (*OBJREF) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the OBJECT_REFERENCE column is NO.

PREV_DATA_READ VARCHAR(3) Indicates whether the user previously had data read (*READ) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the DATA_READ column is NO.

PREV_DATA_ADD VARCHAR(3) Indicates whether the user previously had data add (*ADD) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the DATA_ADD column is NO.

PREV_DATA_UPDATE VARCHAR(3) Indicates whether the user previously had data update (*UPD) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the DATA_UPDATE column is NO.

PREV_DATA_DELETE VARCHAR(3) Indicates whether the user previously had data delete (*DLT) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the DATA_DELETE column is NO.

PREV_DATA_EXECUTE VARCHAR(3) Indicates whether the user previously had data execute (*EXECUTE) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the DATA_EXECUTE column is NO.

AUTHORIZATION_LIST VARCHAR(10) The name of the authorization list that is being modified.

Contains the null value if an authorization list is not being changed.

AUTHORIZATION_LIST_PUBLIC VARCHAR(3) Indicates whether authorization list (*AUTL public authority) authority has been granted or revoked.
NO
The authority is not changed.
YES
The authority might have changed.
PREV_AUTHORIZATION_LIST VARCHAR(10) The name of the previous authorization list.

Contains the null value if an authorization list is not being changed.

PREV_AUTHORIZATION_LIST_PUBLIC VARCHAR(3) Indicates whether the user previously had authorization list (*AUTL public authority) authority.
NO
The user did not have this authority.
YES
The user had this authority.

Contains the null value if the AUTHORIZATION_LIST_PUBLIC column is NO.

PERSONAL_STATUS_CHANGED VARCHAR(3) The personal status changed.
NO
The status did not changed.
YES
The status changed.
ACCESS_CODE_CHANGED VARCHAR(6) Whether the access code changed.
ADD
The access code was added.
REMOVE
The access code was removed.

Contains the null value if the access code was not changed.

ACCESS_CODE VARCHAR(4) Access code.

Contains the null value if the access code was not changed.

PATH_NAME VARGRAPHIC(5000) CCSID 1200 The path name of the object.

Contains the null value if the object name is not available or the object is not in the "root" (/), QOpenSys, or user-defined file systems.

PATH_NAME_INDICATOR VARCHAR(3) Path name indicator.
NO
The PATH_NAME column does not contain an absolute path name for the object, instead it contains a relative path name. The RELATIVE_DIRECTORY_FILE_ID can be used to form an absolute path name with this relative path name.
YES
The PATH_NAME column contains complete absolute path name for the object.

Contains the null value if the object is not in the "root" (/), QOpenSys, or user-defined file systems.

RELATIVE_DIRECTORY_FILE_ID BINARY(16) When PATH_NAME_INDICATOR is NO, contains the file ID of the directory that contains the object identified in the PATH_NAME column.

Contains the null value when PATH_NAME_INDICATOR is YES, or if the file ID is not available or the object is not in the "root" (/), QOpenSys, or user-defined file systems.

IFS_OBJECT_NAME VARGRAPHIC(512) CCSID 1200 The name of the object.

Contains the null value if the object name is not available or the object is not in the "root" (/), QOpenSys, or user-defined file systems.

OBJECT_FILE_ID BINARY(16) The file ID of the object.

Contains the null value if the object is not in the "root" (/), QOpenSys, or user-defined file systems.

PARENT_FILE_ID BINARY(16) The file ID of the parent directory.

Contains the null value if the file ID is not available or the object is not in the "root" (/), QOpenSys, or user-defined file systems.

OFFICE_USER VARCHAR(10) The name of the office user.

Contains the null value if there is no office user.

OFFICE_ON_BEHALF_OF_USER VARCHAR(10) User working on behalf of another user.

Contains the null value if the user name is not available.

DLO_NAME VARCHAR(12) The name of the document library object.

Contains the null value if there is no document library object.

FOLDER_PATH VARCHAR(63) The path of the folder.

Contains the null value if there is no folder path.

Example

  • List any files in APPLIB1 that had the ability to change data granted to them in the last week.
    
    SELECT OBJECT_NAME, USER_PROFILE_NAME FROM TABLE(
       SYSTOOLS.AUDIT_JOURNAL_CA(
         STARTING_TIMESTAMP => CURRENT TIMESTAMP - 7 DAYS)
      )
      WHERE COMMAND_TYPE = 'GRANT' AND
       OBJECT_LIBRARY = 'APPLIB1' AND
       OBJECT_TYPE = '*FILE' AND
       (DATA_ADD = 'YES' OR DATA_UPDATE = 'YES' OR DATA_DELETE = 'YES');
End of change