IFCID 140 - Audit Auth Failures

This topic shows detailed information about Record Trace - IFCID 140 - Audit Auth Failures.

AUTH CHECKED : DB2PM
REASON       :          0 STATMNT LENGTH:      65532
PRIV CHECKED : CREATE TABLE             RETCOD:     -1
OBJECT: DATABASE          OPTIONS: X'0400000000000000'
SOURCE OBJECT: DB2PM
SOURCE OWNER : DB2PM
TARGET OBJECT: GRANT
TARGET OWNER : DB2PM
SQL STMT:
ACEE UTOKEN :'BLANK'

RID OF ROW   :  'BLANK'   SECLABEL OF ROW:  'BLANK'
AUTH ID TYPE :PRIMARY OR SECONDARY AUTH ID

AUTH CHECKED

The authorization ID being checked.

Field Name: QW0140UR

REASON

The user-defined reason code from the access control authorization exit routine.

Field Name: QW0140RS

STATMNT LENGTH

Is the length of the failing SQL statement plus 4. It is zero (0) if no SQL statement exists.

Field Name: QW0140LL

PRIV CHECKED

The privilege that was checked. Possible values are provided in the Db2 macro DSNDQW02.

Field Name: QW0140PR

RETCOD

The return code from the access control authorization exit routine.

Field Name: QW0140RC

OBJECT

The object type. N/P is printed if there is no object type. Possible values are:

• ACEE
• APPLICATION PLAN
• BUFFERPOOL
• COLLECTION
• DATABASE
• DISTINCT TYPE
• FUNCTION
• JAR
• PACKAGE
• PROCEDURE
• ROW
• SCHEMA
• SEQUENCE
• STORAGE GROUP
• TABLE OR VIEW
• TABLESPACE
• USER AUTH

  System privileges, such as SYSADM or SYSOPR

Field Name: QW0140OB

OPTIONS

The options used in the host to check the SQL statement. The bits of this field are used as indicators. If all bits are 0, the statement is not an SQL statement. The values are:

Bit 1

Host language character string delimiter

0

Apostrophe

1

Quote

Bit 2

Decimal point symbol

0

Period

1

Comma

Bit 3

SQL character string delimiter

0

Apostrophe

1

Quote

Bit 4

Mixed character string indicator

0

No

1

Yes

Bit 5

Host language options indicator

0

Do not use host language options

1

Use host language options

Bits 6 to 8

Host language indicator

001

Assembler

010

Cobol

011

PL/I

100

None - Dynamic SQL

101

Fortran

110

Cobol2

111

Null - See bits 17 to 24 for the language

Bits 9 to 16

Character set being used

00000000

Alphanumeric

00000001

Katakana

Bits 17 to 24

Alternate host language field

B

Assembler

C

Cobol

P

PL/I

F

Fortran

2

Cobol2

D

C

Bits 25 to 28

Time option

0000

None

1000

Local

0100

JIS

0010

ISO/EUR

0001

USA

Bits 29 to 32

Date option

0000

None

1000

Local

0100

EUR

0010

ISO/JIS

0001

USA

Bit 33

Decimal

0

No

1

Yes

Bits 34 to 40

Unused

Bits 41 to 48

Remote option

00000001

SQL(ALL)

00000010

SQL(DB2)

Bits 49 to 56

SQL flag option

00000000

No SQLFLAG option

00000001

SQLFLAG(SAA)

Field Name: QW0140HO

SOURCE OBJECT

The source object name.

Field Name: QW0140SN

SOURCE OWNER

The source object owner.

Field Name: QW0140SC

TARGET OBJECT

The target object name.

Field Name: QW0140TN

TARGET OWNER

The target object owner.

Field Name: QW0140TC

SQL STMT

The SQL statement text. Long SQL text can be truncated.

Field Name: QW0140SQ

ACEE UTOKEN

Shows the ACEE UTOKEN, if it is available. If it is not available, the first word of this field contains one of the following values:

0

The UTOKEN cannot be accessed

-1

An abend occurred during the attempt to access the ACEE.

Field Name: QW0140UT

RID OF ROW

Shows the RID of the row that is updated or deleted if the table has multilevel security.

Field Name: QW0140ID

SECLABEL OF ROW

Shows the security label of the row, for a table with multilevel security.

Field Name: QW0140RL

AUTH ID TYPE

The authorization ID type. Possible values are:

L

A ROLE is used.

blank

The user ID of the primary or the secondary authorization ID is used.

N/P

A blank is shown in the performance database.

N/A

A blank is shown in the performance database.

Field Name: QW0140AT