Audit record layout for SECMAINT events
The format of the audit record for SECMAINT events is shown in the following table.
Sample audit record:

```
timestamp=1998-06-24-11.57.45.188101;
category=SECMAINT;
audit event=GRANT;
event correlator=4;
event status=0;
database=FOO;
userid=boss;
authid=BOSS;
application id=*LOCAL.boss.980624155728;
application name=db2bp;
package schema=NULLID;
package name=SQLC28A1;
package section=0;
object schema=BOSS;
object name=T1;
object type=TABLE;
grantor=BOSS;
grantee=WORKER;
grantee type=USER;
privilege=SELECT;
```

NAME | FORMAT | DESCRIPTION |
---|---|---|
Timestamp | CHAR(26) | Date and time of the audit event. |
Category | CHAR(8) | Category of audit event. Possible values are: SECMAINT |
Audit Event | VARCHAR(32) | Specific Audit Event. For a list of possible values, refer to the section for the SECMAINT category in Audit events. |
Event Correlator | INTEGER | Correlation identifier for the operation being audited. Can be used to identify what audit records are associated with a single event. |
Event Status | INTEGER | Status of audit event, represented by an SQLCODE where: Successful event >= 0; Failed event < 0 |
Database Name | CHAR(8) | Name of the database for which the event was generated. Blank if this was an instance level audit event. |
User ID | VARCHAR(1024) | User ID at time of audit event. |
Authorization ID | VARCHAR(128) | Authorization ID at time of audit event. |
Origin Node Number | SMALLINT | Member number at which the audit event occurred. |
Coordinator Node Number | SMALLINT | Member number of the coordinator member. |
Application ID | VARCHAR(255) | Application ID in use at the time the audit event occurred. |
Application Name | VARCHAR(1024) | Application name in use at the time the audit event occurred. |
Package Schema | VARCHAR(128) | Schema of the package in use at the time of the audit event. |
Package Name | VARCHAR(128) | Name of package in use at the time the audit event occurred. |
Package Section Number | SMALLINT | Section number in package being used at the time the audit event occurred. |
Object Schema | VARCHAR(128) | Schema of the object for which the audit event was generated. If the object type field is ACCESS_RULE then this field contains the security policy name associated with the rule. The name of the rule is stored in the field Object Name. If the object type field is SECURITY_LABEL, then this field contains the name of the security policy that the security label is part of. The name of the security label is stored in the field Object Name. |
Object Name | VARCHAR(128) | Name of object for which the audit event was generated. Represents a role name when the audit event is any of: If the object type field is ACCESS_RULE then this field contains the name of the rule. The security policy name associated with the rule is stored in the field Object Schema. If the object type field is SECURITY_LABEL, then this field contains the name of the security label. The name of the security policy that it is part of is stored in the field Object Schema. |
Object Type | VARCHAR(32) | Type of object for which the audit event was generated. Possible values include: those shown in the topic titled Audit record object types. The value is ROLE when the audit event is any of: |
Grantor | VARCHAR(128) | The ID of the grantor or the revoker of the privilege or authority. |
Grantee | VARCHAR(128) | Grantee ID for which a privilege or authority was granted or revoked. Represents a trusted context object when the audit event is any of: |
Grantee Type | VARCHAR(32) | Type of the grantee that was granted to or revoked from. Possible values include: USER, GROUP, ROLE, AMBIGUOUS, or is TRUSTED_CONTEXT when the audit event is any of: |
Privilege or Authority | CHAR(34) | Indicates the type of privilege or authority granted or revoked. Possible values include: those shown in the topic titled List of possible SECMAINT privileges or authorities. The value is ROLE MEMBERSHIP when the audit event is any of the following: |
Package Version | VARCHAR(64) | Version of the package in use at the time the audit event occurred. |
Access Type | VARCHAR(32) | The access type for which a security label is granted. Possible values: The access type for which a security policy is altered. Possible values: |
Assumable Authid | VARCHAR(128) | When the privilege granted is a SETSESSIONUSER privilege this is the authorization ID that the grantee is allowed to set as the session user. |
Local Transaction ID | VARCHAR(10) FOR BIT DATA | The local transaction ID in use at the time the audit event occurred. This is the SQLU_TID structure that is part of the transaction logs. |
Global Transaction ID | VARCHAR(30) FOR BIT DATA | The global transaction ID in use at the time the audit event occurred. This is the data field in the SQLP_GXID structure that is part of the transaction logs. |
Grantor Type | VARCHAR(32) | Type of the grantor. Possible values include: USER. |
Client User ID | VARCHAR(255) | The value of the CURRENT CLIENT USERID special register at the time the audit event occurred. |
Client Workstation Name | VARCHAR(255) | The value of the CURRENT CLIENT_WRKSTNNAME special register at the time the audit event occurred. |
Client Application Name | VARCHAR(255) | The value of the CURRENT CLIENT_APPLNAME special register at the time the audit event occurred. |
Client Accounting String | VARCHAR(255) | The value of the CURRENT CLIENT_ACCTNG special register at the time the audit event occurred. |
Trusted Context User | VARCHAR(128) | Identifies a trusted context user when the audit event is ADD_USER or DROP_USER. |
Trusted Context User Authentication | INTEGER | Specifies the authentication setting for a trusted context user when the audit event is ADD_USER, DROP_USER or ALTER_USER_AUTHENTICATION. 1: Authentication is required; 0: Authentication is not required |
Trusted Context Name | VARCHAR(255) | The name of the trusted context associated with the trusted connection. |
Connection Trust Type | CHAR(1) | Possible values are: '' - NONE; '1' - IMPLICIT_TRUSTED_CONNECTION; '2' - EXPLICIT_TRUSTED_CONNECTION |
Role Inherited | VARCHAR(128) | The role inherited through a trusted connection. |
Associated Object Name | VARCHAR(128) | Name of the object for which an association exists. The meaning of the association depends on the Object Type for the event. If the Object Type is PERMISSION or MASK, then the Associated Object is the table on which that permission or mask has been created. |
Associated Object Schema | VARCHAR(128) | Name of the object schema for which an association exists. The meaning of the association depends on the Object Type of the event. |
Associated Object Type | VARCHAR(128) | The type of the object for which an association exists. The meaning of the association depends on the Object Type of the event. |
Associated Subobject Type | VARCHAR(128) | The type of the subobject for which an association exists. The meaning of the association depends on the Object Type of the event. If the Object Type is MASK and the Associated Object type is TABLE, then the associated subobject is the column of the table on which the mask has been created. |
Associated Subobject Name | VARCHAR(128) | Name of the subobject for which an association exists. The meaning of the association depends on the Object Type of the event. |
Alter Action | VARCHAR(32) | Specific Alter Action. Possible values include: |
Secured | VARCHAR(32) | Specifies if the object is a secure object. |
State | VARCHAR(32) | Specifies the state of the object. The state depends on the Object Type. Possible values include: |
Access Control | VARCHAR(32) | Specifies what access control type the object is protected with. Possible values include: |
Original User ID | VARCHAR(1024) | The value of the CLIENT_ORIGUSERID global variable at the time the audit event occurred. |
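
A parser for the `key=value;` record format shown in the sample above, applying the Event Status rule from the table to separate successful from failed privilege changes (added example, not IBM's code). It assumes each record opens with a `timestamp=` line, as the sample does; the second record and the names `parse_records`, `secmaint_changes` and `Change` are constructed for illustration.

```python
from collections import namedtuple

# Record 1: the page's sample, trimmed to the fields used below.
# Record 2: constructed for illustration (a failed GRANT, negative SQLCODE).
SAMPLE = """\
timestamp=1998-06-24-11.57.45.188101;
category=SECMAINT;
audit event=GRANT;
event status=0;
object schema=BOSS;
object name=T1;
grantor=BOSS;
grantee=WORKER;
grantee type=USER;
privilege=SELECT;
timestamp=1998-06-24-11.58.02.000001;
category=SECMAINT;
audit event=GRANT;
event status=-551;
object schema=BOSS;
object name=T1;
grantor=WORKER;
grantee=TEMP1;
grantee type=USER;
privilege=CONTROL;
"""

Change = namedtuple("Change", "timestamp event succeeded grantor grantee grantee_type privilege obj")

def parse_records(text):
    """Split 'key=value;' lines into one dict per record (assumes timestamp= opens a record)."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")  # split on the first '=' only
        if not sep:
            continue  # skip blank or non key=value lines
        if key == "timestamp":
            records.append({})
        if records:
            records[-1][key] = value[:-1] if value.endswith(";") else value
    return records

def secmaint_changes(records):
    """Summarise SECMAINT records; Event Status >= 0 is success, < 0 is failure."""
    return [Change(r["timestamp"], r["audit event"], int(r["event status"]) >= 0,
                   r["grantor"], r["grantee"], r["grantee type"], r["privilege"],
                   r["object schema"] + "." + r["object name"])
            for r in records if r.get("category") == "SECMAINT"]
```

Filtering the returned list on `succeeded` being false gives the rejected privilege changes, which are usually the records worth reviewing first.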