Audit record layout for SECMAINT events

The format of the audit record for SECMAINT events is shown in the following table.

Sample audit record:
timestamp=1998-06-24-11.57.45.188101;
category=SECMAINT;
audit event=GRANT;
event correlator=4;
event status=0;
database=FOO;
userid=boss;
authid=BOSS;
application id=*LOCAL.boss.980624155728;
application name=db2bp;
package schema=NULLID;
package name=SQLC28A1;
package section=0;
object schema=BOSS;
object name=T1;
object type=TABLE;
grantor=BOSS;
grantee=WORKER;
grantee type=USER;
privilege=SELECT;

Table 1. Audit Record Layout for SECMAINT Events
NAME FORMAT DESCRIPTION
Timestamp CHAR(26) Date and time of the audit event.
Category CHAR(8) Category of audit event. Possible values are:
   SECMAINT
Audit Event VARCHAR(32) Specific Audit Event.

For a list of possible values, refer to the section for the SECMAINT category in Audit events.

Event Correlator INTEGER Correlation identifier for the operation being audited. Can be used to identify what audit records are associated with a single event.
Event Status INTEGER Status of audit event, represented by an SQLCODE where
   Successful event >= 0
   Failed event < 0
Database Name CHAR(8) Name of the database for which the event was generated. Blank if this was an instance level audit event.
User ID VARCHAR(1024) User ID at time of audit event.
Authorization ID VARCHAR(128) Authorization ID at time of audit event.
Origin Node Number SMALLINT Member number at which the audit event occurred.
Coordinator Node Number SMALLINT Member number of the coordinator member.
Application ID VARCHAR(255) Application ID in use at the time the audit event occurred.
Application Name VARCHAR(1024) Application name in use at the time the audit event occurred.
Package Schema VARCHAR(128) Schema of the package in use at the time of the audit event.
Package Name VARCHAR(128) Name of package in use at the time the audit event occurred.
Package Section Number SMALLINT Section number in package being used at the time the audit event occurred.
Object Schema VARCHAR(128) Schema of the object for which the audit event was generated.

If the object type field is ACCESS_RULE, then this field contains the security policy name associated with the rule. The name of the rule is stored in the field Object Name.

If the object type field is SECURITY_LABEL, then this field contains the name of the security policy that the security label is part of. The name of the security label is stored in the field Object Name.

Object Name VARCHAR(128) Name of object for which the audit event was generated.
Represents a role name when the audit event is any of:
  • ADD_DEFAULT_ROLE
  • DROP_DEFAULT_ROLE
  • ALTER_DEFAULT_ROLE
  • ADD_USER
  • DROP_USER
  • ALTER_USER_ADD_ROLE
  • ALTER_USER_DROP_ROLE
  • ALTER_USER_AUTHENTICATION

If the object type field is ACCESS_RULE, then this field contains the name of the rule. The security policy name associated with the rule is stored in the field Object Schema.

If the object type field is SECURITY_LABEL, then this field contains the name of the security label. The name of the security policy that it is part of is stored in the field Object Schema.

Object Type VARCHAR(32) Type of object for which the audit event was generated. Possible values include those shown in the topic titled Audit record object types.
The value is ROLE when the audit event is any of:
  • ADD_DEFAULT_ROLE
  • DROP_DEFAULT_ROLE
  • ALTER_DEFAULT_ROLE
  • ADD_USER
  • DROP_USER
  • ALTER_USER_ADD_ROLE
  • ALTER_USER_DROP_ROLE
  • ALTER_USER_AUTHENTICATION
Grantor VARCHAR(128) The ID of the grantor or the revoker of the privilege or authority.
Grantee VARCHAR(128) Grantee ID for which a privilege or authority was granted or revoked.
Represents a trusted context object when the audit event is any of:
  • ADD_DEFAULT_ROLE
  • DROP_DEFAULT_ROLE
  • ALTER_DEFAULT_ROLE
  • ADD_USER
  • DROP_USER
  • ALTER_USER_ADD_ROLE
  • ALTER_USER_DROP_ROLE
  • ALTER_USER_AUTHENTICATION
Grantee Type VARCHAR(32) Type of the grantee that the privilege or authority was granted to or revoked from. Possible values include: USER, GROUP, ROLE, AMBIGUOUS.
The value is TRUSTED_CONTEXT when the audit event is any of:
  • ADD_DEFAULT_ROLE
  • DROP_DEFAULT_ROLE
  • ALTER_DEFAULT_ROLE
  • ADD_USER
  • DROP_USER
  • ALTER_USER_ADD_ROLE
  • ALTER_USER_DROP_ROLE
  • ALTER_USER_AUTHENTICATION
Privilege or Authority CHAR(34) Indicates the type of privilege or authority granted or revoked. Possible values include those shown in the topic titled List of possible SECMAINT privileges or authorities.
The value is ROLE MEMBERSHIP when the audit event is any of the following:
  • ADD_DEFAULT_ROLE
  • DROP_DEFAULT_ROLE
  • ALTER_DEFAULT_ROLE
  • ADD_USER
  • DROP_USER
  • ALTER_USER_ADD_ROLE
  • ALTER_USER_DROP_ROLE
  • ALTER_USER_AUTHENTICATION
Package Version VARCHAR(64) Version of the package in use at the time the audit event occurred.
Access Type VARCHAR(32) The access type for which a security label is granted.
Possible values:
  • READ
  • WRITE
  • ALL
The access type for which a security policy is altered. Possible values:
  • USE GROUP AUTHORIZATIONS
  • IGNORE GROUP AUTHORIZATIONS
  • USE ROLE AUTHORIZATIONS
  • IGNORE ROLE AUTHORIZATIONS
  • OVERRIDE NOT AUTHORIZED WRITE SECURITY LABEL
  • RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL
Assumable Authid VARCHAR(128) When the privilege granted is a SETSESSIONUSER privilege, this is the authorization ID that the grantee is allowed to set as the session user.
Local Transaction ID VARCHAR(10) FOR BIT DATA The local transaction ID in use at the time the audit event occurred. This is the SQLU_TID structure that is part of the transaction logs.
Global Transaction ID VARCHAR(30) FOR BIT DATA The global transaction ID in use at the time the audit event occurred. This is the data field in the SQLP_GXID structure that is part of the transaction logs.
Grantor Type VARCHAR(32) Type of the grantor. Possible values include: USER.
Client User ID VARCHAR(255) The value of the CURRENT CLIENT USERID special register at the time the audit event occurred.
Client Workstation Name VARCHAR(255) The value of the CURRENT CLIENT_WRKSTNNAME special register at the time the audit event occurred.
Client Application Name VARCHAR(255) The value of the CURRENT CLIENT_APPLNAME special register at the time the audit event occurred.
Client Accounting String VARCHAR(255) The value of the CURRENT CLIENT_ACCTNG special register at the time the audit event occurred.
Trusted Context User VARCHAR(128) Identifies a trusted context user when the audit event is ADD_USER or DROP_USER.
Trusted Context User Authentication INTEGER Specifies the authentication setting for a trusted context user when the audit event is ADD_USER, DROP_USER or ALTER_USER_AUTHENTICATION:
   1 : Authentication is required
   0 : Authentication is not required
Trusted Context Name VARCHAR(255) The name of the trusted context associated with the trusted connection.
Connection Trust Type CHAR(1) Possible values are:
   '' - NONE
   '1' - IMPLICIT_TRUSTED_CONNECTION
   '2' - EXPLICIT_TRUSTED_CONNECTION
Role Inherited VARCHAR(128) The role inherited through a trusted connection.
Associated Object Name VARCHAR(128) Name of the object for which an association exists. The meaning of the association depends on the Object Type for the event. If the Object Type is PERMISSION or MASK, then the Associated Object is the table on which that permission or mask has been created.
Associated Object Schema VARCHAR(128) Name of the object schema for which an association exists. The meaning of the association depends on the Object Type of the event.
Associated Object Type VARCHAR(128) The type of the object for which an association exists. The meaning of the association depends on the Object Type of the event.
Associated Subobject Type VARCHAR(128) The type of the subobject for which an association exists. The meaning of the association depends on the Object Type of the event. If the Object Type is MASK and the Associated Object type is TABLE, then the associated subobject is the column of the table on which the mask has been created.
Associated Subobject Name VARCHAR(128) Name of the subobject for which an association exists. The meaning of the association depends on the Object Type of the event.
Alter Action VARCHAR(32) Specific Alter Action.
Possible values include:
  • SECURE
  • UNSECURE
  • ENABLE
  • DISABLE
  • ACTIVATE_ROW_ACCESS_CONTROL
  • ACTIVATE_COLUMN_ACCESS_CONTROL
  • ACTIVATE_ROW_COLUMN_ACCESS_CONTROL
Secured VARCHAR(32) Specifies if the object is a secure object.
State VARCHAR(32) Specifies the state of the object. The state depends on the Object Type.
Possible values include:
  • ENABLED
  • DISABLED
Access Control VARCHAR(32) Specifies what access control type the object is protected with.
Possible values include:
  • ROW - Row access control has been activated for the object
  • COLUMN - Column access control has been activated for the object
  • ROW_COLUMN - Row and column access have been activated for the object
Original User ID VARCHAR(1024) The value of the CLIENT_ORIGUSERID global variable at the time the audit event occurred.
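
The field rules in the table above, applied to the sample record, as an added example that is not part of the original documentation: Python code that parses the name=value; layout and resolves the fields whose meaning depends on the audit event or the object type. The function names and output keys are hypothetical, the parser assumes no value contains a semicolon, and the embedded sample is a constructed subset of the record shown on this page.

```python
# Added example (not product code): interpret a SECMAINT record using the
# rules from Table 1. Function names and output keys are hypothetical.
TRUSTED_CONTEXT_EVENTS = {
    "ADD_DEFAULT_ROLE", "DROP_DEFAULT_ROLE", "ALTER_DEFAULT_ROLE",
    "ADD_USER", "DROP_USER", "ALTER_USER_ADD_ROLE",
    "ALTER_USER_DROP_ROLE", "ALTER_USER_AUTHENTICATION",
}
LBAC_TYPES = {"ACCESS_RULE", "SECURITY_LABEL"}

# Constructed sample: a subset of the fields of the record on this page.
SAMPLE = (
    "timestamp=1998-06-24-11.57.45.188101;\ncategory=SECMAINT;\n"
    "audit event=GRANT;\nevent correlator=4;\nevent status=0;\n"
    "database=FOO;\nuserid=boss;\nauthid=BOSS;\n"
    "object schema=BOSS;\nobject name=T1;\nobject type=TABLE;\n"
    "grantor=BOSS;\ngrantee=WORKER;\ngrantee type=USER;\nprivilege=SELECT;\n"
)

def parse_record(text):
    """Split 'name=value;' fields into a dict (assumes no ';' inside values)."""
    fields = {}
    for chunk in text.split(";"):
        name, sep, value = chunk.strip().partition("=")
        if sep:  # skip the empty chunk after the final ';'
            fields[name.strip().lower()] = value.strip()
    return fields

def interpret(fields):
    """Resolve event-dependent and object-type-dependent field meanings."""
    event = fields["audit event"]
    out = {
        "event": event,
        # Event Status is an SQLCODE: >= 0 is success, < 0 is failure.
        "succeeded": int(fields["event status"]) >= 0,
        # A blank database name marks an instance-level audit event.
        "instance_level": not fields.get("database", ""),
    }
    if event in TRUSTED_CONTEXT_EVENTS:
        # Object Name carries the role, Grantee the trusted context object.
        out.update(role=fields.get("object name"),
                   trusted_context=fields.get("grantee"))
    elif fields.get("object type") in LBAC_TYPES:
        # Object Schema holds the security policy, Object Name the rule/label.
        out.update(security_policy=fields.get("object schema"),
                   rule_or_label=fields.get("object name"))
    else:
        out.update(
            object=f'{fields.get("object schema", "")}.{fields.get("object name", "")}',
            grantee=f'{fields.get("grantee type", "")}:{fields.get("grantee", "")}',
            privilege=fields.get("privilege"))
    return out
```
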