AUDIT_JOURNAL_AX (Row and Column Access Control) table function
The AUDIT_JOURNAL_AX table function returns rows from the audit journal that contain information from the AX (Row and Column Access Control) journal entries.
Every audit journal table function shares a common authorization requirement and a common set of parameters. These are described in AUDIT JOURNAL table function common information.
The result of the function is a table containing rows with the format shown in the following table. All the columns are nullable.
| Column Name | Data Type | Description |
|---|---|---|
| The first columns returned by this table function are from the common audit journal entry header. See Common columns returned from the audit journal entry header for the column definitions. After the common columns are the following columns that describe the entry specific data for the AX audit journal entry. | ||
| ENTRY_TYPE | CHAR(1) | The type of entry.
|
| ENTRY_TYPE_DETAIL | VARCHAR(200) | Descriptive text that corresponds to the entry type. |
| OPERATION_TYPE | VARCHAR(8) | The type of operation.
|
| LIBRARY_NAME | VARCHAR(10) | The name or the library where the file is stored. |
| FILE_NAME | VARCHAR(10) | The system name of the base table that the permission or mask is associated with or the table being altered. |
| MASK_NAME | VARCHAR(128) | The column mask name. Contains the null value if ENTRY_TYPE is not M. |
| COLUMN_NAME | VARCHAR(10) | The name of the column to which the mask applies.
Contains the null value if ENTRY_TYPE is not M or OPERATION_TYPE is not CREATE. |
| PERMISSION_NAME | VARCHAR(128) | The row permission name. Contains the null value if ENTRY_TYPE is not P. |
| ENABLED | VARCHAR(3) | The row permission or column mask state.
Contains the null value if ENTRY_TYPE is not M or P or OPERATION_TYPE is not CREATE or ALTER. |
| ROW_ACCESS_CONTROL | VARCHAR(10) | The row access control state.
Contains the null value if ENTRY_TYPE is not T or OPERATION_TYPE is not ALTER, or the value was not changed. |
| COLUMN_ACCESS_CONTROL | VARCHAR(10) | The column access control state.
Contains the null value if ENTRY_TYPE is not T or OPERATION_TYPE is not ALTER, or the value was not changed. |
| PREV_ENABLED | VARCHAR(3) | The previous row permission or column mask state.
Contains the null value if ENTRY_TYPE is not M or P or OPERATION_TYPE is not ALTER. |
| PREV_ROW_ACCESS_CONTROL | VARCHAR(10) | The previous row access control state.
Contains the null value if ENTRY_TYPE is not T or OPERATION_TYPE is not ALTER, or the value was not changed. |
| PREV_COLUMN_ACCESS_CONTROL | VARCHAR(10) | The previous column access control state.
Contains the null value if ENTRY_TYPE is not T or OPERATION_TYPE is not ALTER, or the value was not changed. |
| SQL_STATEMENT_TEXT | VARGRAPHIC(5000) CCSID 1200 | The SQL statement text for the CREATE MASK or CREATE
PERMISSION statement. Contains the null value if ENTRY_TYPE is not M or P or OPERATION_TYPE is not CREATE. |
| STATEMENT_TRUNCATED | VARCHAR(3) | Whether SQL_STATEMENT_TEXT is truncated.
Contains the null value if ENTRY_TYPE is not M or P or OPERATION_TYPE is not CREATE. |
| ASP_NAME | VARCHAR(10) | The name of the auxiliary storage pool (ASP) in
which the object resides. A value of *SYSBAS indicates the system ASP and all basic user
ASPs. Contains the null value if there is no ASP information. |
| ASP_NUMBER | INTEGER | The number of the ASP device. 1 indicates the system
ASP. Contains the null value if there is no ASP information. |
Example
- List any changes to active row or column access control for the last week. These are operations
performed by an ALTER TABLE statement with an ACTIVATE or DEACTIVATE
option.
SELECT LIBRARY_NAME, FILE_NAME, ROW_ACCESS_CONTROL, COLUMN_ACCESS_CONTROL, PREV_ROW_ACCESS_CONTROL, PREV_COLUMN_ACCESS_CONTROL FROM TABLE ( SYSTOOLS.AUDIT_JOURNAL_AX (STARTING_TIMESTAMP => CURRENT DATE - 7 DAYS) ) WHERE ENTRY_TYPE = 'T';