Audit database

The audit database is stored in tables that use row-level security. Each row is given a label that is derived by combining the label of the user who performs the action with the audit categories that are associated with that user. The user's label is included so that anyone who can view the audit data is also able to see the original data, because what is captured for the operations might contain some of the original data.

Access to the data is restricted by adding audit categories, which can prevent the user who performs the action from viewing the audit data. The categories also allow the audit data to be partitioned among auditors.

There can be two IBM® Netezza® systems: the source system, where the audit data is captured, and the target system, where the audit data is stored. The two can be the same system.

To create the audit database, run the following command against the target system with the options that you need. If an option is not specified, the associated environment variable is used.

    /nz/kit/bin/adm/nzhistcreatedb [options]

The following table explains the available options.

Table 1. Audit history database options

Option
    Description

{-d | --db} dbname
    The name of the history database to be created.

{-n | --host} NZ_HOST
    The host name of the NPS® system on which the database resides. The default and only possible value for this option is NZ_HOST.

{-t | --db-type} [Q|query|A|audit]
    The type of the database to be created:

    Q | query
        A query database collects and stores the data that is most commonly needed to monitor and report on the query activity of a system.
    A | audit
        An audit database collects the same data as a query database, but stores the data in row-secured tables and digitally signs the data to prevent it from being changed. You can also specify that an audit database is to log the activity of all users or of specific users or groups. For more information about query history databases, see the IBM Netezza System Administrator’s Guide.

    Important: The specified type must match the history database type specified in the CREATE HISTORY CONFIGURATION command used to create the active history configuration; otherwise, the loader process fails.

{-o | --owner} user
    The user account of the owner of the history database. The specified user account must already be defined and must have Create Database privilege. The default is NZ_USER. You cannot specify the admin user to be the database owner.

    If the owner (-o parameter) and load user (-u parameter) accounts are different, the owner account must also be granted the List privilege for the load user account.

{-p | --pw} password
    The password for the owner user account. The default is NZ_PASSWORD.

{-u | --user} user
    The load user, that is, the user account that is to be used to load history data into the database. The load user is automatically granted the privileges that are needed to perform the corresponding insert operations. The default load user is the database owner. You cannot specify the admin user to be the load user.

    The password for the load user is not specified in this command; instead, it is specified in the history configuration.

{-v | --schema} number
    The number of the schema version that is to be used for the history database that is to be created:

    1
        For Netezza Release 4.6 to 7.0.2.
    2
        For Netezza Release 7.0.3 to 7.0.4.
    3
        For Netezza Release 7.1.

    For more information about the differences among these versions, see the information on history database versions in the IBM Netezza System Administrator’s Guide.

    Important: The specified version number must match the version number specified in the CREATE HISTORY CONFIGURATION command used to create the active history configuration; otherwise, the loader process fails.

-h | --help
    Display the usage and syntax for the command.
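
The constraints in Table 1 can be checked before the command is run. The following shell function is an added example, not IBM code: hist_preflight and norm_type are hypothetical helpers, the database and user names are constructed, and the CFG_TYPE and CFG_SCHEMA arguments are assumed to be copied by the operator from the CREATE HISTORY CONFIGURATION statement. It prints the command and does not run it.

```shell
#!/bin/sh
# Added example (not IBM code): dry-run preflight for nzhistcreatedb.
# hist_preflight and norm_type are hypothetical helpers.
# Args: DBNAME TYPE OWNER LOADUSER SCHEMA CFG_TYPE CFG_SCHEMA
# CFG_TYPE and CFG_SCHEMA: values from CREATE HISTORY CONFIGURATION (operator-supplied).

norm_type() {  # map Q|query|A|audit to one canonical word
    case $1 in
        Q|query) echo query ;;
        A|audit) echo audit ;;
        *) return 1 ;;
    esac
}

hist_preflight() {
    db=$1; dbtype=$2; owner=$3; loaduser=$4; schema=$5; cfg_type=$6; cfg_schema=$7

    [ -n "$db" ] || { echo "error: database name required" >&2; return 1; }
    t=$(norm_type "$dbtype") || { echo "error: bad db type '$dbtype'" >&2; return 1; }
    ct=$(norm_type "$cfg_type") || { echo "error: bad config type '$cfg_type'" >&2; return 1; }
    case $schema in 1|2|3) ;; *) echo "error: schema must be 1, 2 or 3" >&2; return 1 ;; esac

    # Type and schema version must match the active history configuration;
    # otherwise the loader process fails.
    [ "$t" = "$ct" ] || { echo "error: type '$t' != configured '$ct'" >&2; return 1; }
    [ "$schema" = "$cfg_schema" ] || { echo "error: schema version mismatch" >&2; return 1; }

    # The admin user cannot be the database owner or the load user.
    for u in "$owner" "$loaduser"; do
        [ "$(printf '%s' "$u" | tr 'A-Z' 'a-z')" != admin ] ||
            { echo "error: admin cannot be owner or load user" >&2; return 1; }
    done

    # Different owner and load user: the owner needs List privilege on the load user.
    [ "$owner" = "$loaduser" ] ||
        echo "note: grant '$owner' the List privilege on '$loaduser' first" >&2

    # -p and -n are omitted so that NZ_PASSWORD and NZ_HOST are read from the
    # environment, which keeps the owner password out of the process argument list.
    echo "/nz/kit/bin/adm/nzhistcreatedb -d $db -t $dbtype -o $owner -u $loaduser -v $schema"
}

# Constructed sample values.
hist_preflight audithist audit histowner histload 3 A 3
```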