SYSAUDITPOLICIES catalog table

The SYSAUDITPOLICIES table contains one row for each audit policy. The schema is SYSIBM.

A user with SECADM authority has the privilege to select from, insert, update, or delete from this catalog table. A user with SQLADM, system DBADM, DATAACCESS, ACCESSCTRL, SYSCTRL or SYSADM authority has the privilege to select from this catalog table.

If a view is created on this catalog table, the DATAACCESS authority can perform insert, update, and delete on the view to indirectly insert, update, and delete on the catalog table.

Table 1. SYSIBM.SYSAUDITPOLICIES table column descriptions
Column name Data type Description Use
AUDITPOLICYNAME
VARCHAR(128)
NOT NULL
 Name of the audit policy. The name must be an identifier of 1 to 128 characters and must begin with a letter. Any other values result in an error being returned when audit policy is started. G
OBJECTSCHEMA
VARCHAR(128)
NOT NULL
WITH DEFAULT
 Schema of the audited object. The object schema only applies to categories, OBJMAINT and EXECUTE. G
OBJECTNAME
VARCHAR(128)
NOT NULL
WITH DEFAULT
 Name of the object. The object name only applies to categories, OBJMAINT and EXECUTE. Object name can be specified using an SQL LIKE predicate. If the object name is specified using an SQL LIKE predicate, it has to be specified as a delimited identifier. The escape character to be used for the SQL LIKE predicate is obtained from RGFESCP subsystem parameter. If not specified, the default escape character is '+'. G
OBJECTTYPE
CHAR(1)
NOT NULL
WITH DEFAULT
 Type of the object.
C
Clone table
P
Implicit table created for XML columns
T
Table
blank
All of the above object types
All other values
Error when audit policy is started

The object type only applies to categories, OBJMAINT and EXECUTE

 G
CREATEDTS
TIMESTAMP
NOT NULL
WITH DEFAULT
 The time when the row was inserted. G
ALTEREDTS
TIMESTAMP
NOT NULL
WITH DEFAULT
 The time when the row was last updated. G
CHECKING
CHAR(1)
NOT NULL
WITH DEFAULT
 Indicates if authorization and authentication failures are audited:
A
Audit all failures (Authorization and authentication failures)
blank
Audit none
All other values
Error when audit policy is started
 G
VALIDATE
CHAR(1)
NOT NULL
WITH DEFAULT
 Indicates if auditing is enabled for when a trusted connection is established or used by a different user:
A
Audit all
blank
Audit none
All other values
Error when audit policy is started
 G
OBJMAINT
CHAR(1)
NOT NULL
WITH DEFAULT
 Indicates if auditing is enabled for when the table that is identified by OBJECTSCHEMA, OBJECTNAME, and OBJECTTYPE columns is altered or dropped:
A
Audit when the specified table is altered or dropped
blank
Audit none
All other values
Error when audit policy is started
 G
EXECUTE
CHAR(1)
NOT NULL
WITH DEFAULT
 Start of changeIndicates the type of auditing that is performed. Auditing is done for every unique operation on a table by an SQL statement with a unique statement ID. The table on which the SQL statement operates is identified by the OBJECTSCHEMA, OBJECTNAME, and OBJECTTYPE columns.End of change
A
Audit when an operation of any kind is performed on the table during a utility or application process.
C
Audit when an insert, update, or delete operation is performed on the table during a utility or application process.
blank
No auditing is done.
All other values
An error occurs when the audit policy is started.
 G
CONTEXT
CHAR(1)
NOT NULL
WITH DEFAULT
 Indicates if auditing is enabled for the start of a utility, a change to a utility object or phase, and the end of utility:
A
Audit all utilities
blank
Audit none
All other values
Error when audit policy is started
 G
SECMAINT
CHAR(1)
NOT NULL
WITH DEFAULT
 Indicates if auditing is enabled for when a grant or revoke is made or a trusted context is created or altered:
A
Audit all
blank
Audit none
All other values
Error when audit policy is started
 G
SYSADMIN
VARCHAR(128)
NOT NULL
WITH DEFAULT
 Indicates if auditing is enabled for when an operation is performed using an administrative authority to perform system administration tasks:
blank
Audit none
*
Audit all the authorities
I
Installation SYSADM
L
SYSCTRL
O
SYSOPR
R
Installation SYSOPR
S
SYSADM
All other values
Error when audit policy is started
The value of SYSADMIN can be a concatenated string of all supported values. For example, 'LOS' would indicate auditing of any operation that is performed using the administrative authorities: SYSCTRL, SYSOPR, and SYSADM. Multiple occurrences of a value are ignored.		 G
DBADMIN
VARCHAR(128)
NOT NULL
WITH DEFAULT
 Indicates if auditing is enabled for when an operation is performed using an administrative authority to perform database administration tasks:
blank
Audit none
*
Audit all the authorities
B
System DBADM
C
DBCTRL
D
DBADM
E
SECADM
G
ACCESSCTRL
K
SQLADM
M
DBMAINT
P
PACKADM
T
DATAACCESS
All other values
Error when audit policy is started
The value of DBADMIN can be a concatenated string of all supported values. For example, 'BMP' would indicate auditing of any operation that is performed using the administrative authorities: System DBADM, DBMAINT, and PACKADM. Multiple occurrences of a value are ignored.		 G
DBNAME
VARCHAR(24)
NOT NULL
WITH DEFAULT
 Database name. The database name can be used to specify the database for auditing DBADM, DBCTRL, and DBMAINT authorities. If the database name is not specified, then all the databases, including implicit databases are audited. If the database name is specified, it only applies to DBADM, DBCTRL, and DBMAINT authorities in category, DBADMIN. G
COLLID
VARCHAR(128)
NOT NULL
WITH DEFAULT
 Name of the package collection. The package collection can be used to specify the collection name for auditing PACKADM authority. If specified, all packages in that collection are audited. If the collection name is not specified, packages in all collections are audited. If the package collection is specified, it only applies to PACKADM authority in category, DBADMIN. G
DB2START
CHAR(1)
NOT NULL
WITH DEFAULT
 Indicates if audit policies are to be started automatically during Db2 start up. Up to 8 audit policies can be specified.
Y
Audit policy will be started automatically during Db2 startup.
S
Audit policy will be started automatically during Db2 startup. The audit policy can be stopped only by a user with SECADM authority.
Start of changeTEnd of change
Start of changeFL 509 Audit policy will be started automatically during Db2 startup. The audit policy can be modified or stopped only by a user with the required permit to the audit policy profile in an external security product, such as RACF®.End of change
N
Audit policy will not be started automatically during Db2 startup.
Start of changeAll other valuesEnd of change
Start of changeError when audit policy is startedEnd of change
 G
IBMREQD
CHAR(1)
NOT NULL
 A value of Y indicates that the row was provided with the Db2 product code. For all other values, see Release dependency indicators.

The value in this field is not a reliable indicator of release dependencies.

 G
SYS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW BEGIN
 Reserved for future IBM® use.The row-begin column of the SYSTEM_TIME period, for system-period data versioning. G
SYS_END
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW END
 Reserved for future IBM use.The row-end column of the SYSTEM_TIME period, for system-period data versioning. G
TRANS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS TRANSACTION
START ID
 Reserved for future IBM use. G