When to use Audit reports
Use Audit reports or traces regularly to assist in your database administration and as part of your regular monitoring policy. More specifically, use the Audit reports if Accounting reports show unexpected numbers of authorization failures.
You can use Audit reports to monitor:
- Usage of sensitive data
- Tables that contain sensitive data, such as employee salary records, should probably be defined with AUDIT ALL. You can report usage by table and by authorization ID to look for access by unusual IDs, at unusual times, or of unexpected types. You also want to record any ALTER or DROP operations that affect the data.
- Grants of critical privileges
- Authorities such as SYSADM and DBADM and explicit privileges over sensitive data, such as an Update privilege on records of accounts payable, must be monitored carefully. A query of the Db2 catalog can show who holds such a privilege at a particular time. The Audit records can reveal whether the privilege was granted and then revoked in a period of time.
- Unsuccessful access attempts
- Some unsuccessful access attempts are only user errors, but others can be attempts to violate security. All must be investigated. If you have sensitive data, always use Audit class 1 trace data.