22.1.3 Examples of audit trail collection

Examples of audit trail collection are shown below.

Example 1: Collect an audit trail of table accesses
When a table is accessed, the table's access privilege (SELECT privilege) is used, and an audit trail is collected.

Table search contents (SQL specification) and the resulting audit trail contents:

| SQL specification | Collection timing | Executor | Privilege used | Manipulated object | Manipulated object's name | Action |
|---|---|---|---|---|---|---|
| A user (USR1) issues the following SELECT statement: `SELECT C1 FROM USR1.T1` | Privilege | USR1 | Table access (SELECT privilege) | Table | USR1.T1 | Accesses a table (SELECT) |
| | Termination | USR1 | [Figure] | Table | USR1.T1 | Accesses a table (SELECT) |
| A user (USR2) issues the following SELECT statement: `SELECT T1.C1,T2.C1 FROM USR1.T1 T1,USR2.T2 T2 WHERE T1.C1=T2.C1` | Privilege | USR2 | Table access (SELECT privilege) | Table | USR1.T1 | Accesses a table (SELECT) |
| | Privilege | USR2 | Table access (SELECT privilege) | Table | USR2.T2 | Accesses a table (SELECT) |
| | Termination | USR2 | [Figure] | Table | USR1.T1 | Accesses a table (SELECT) |
| | Termination | USR2 | [Figure] | Table | USR2.T2 | Accesses a table (SELECT) |

Legend:
Privilege: Audit trail collected during privilege checking
Termination: Audit trail collected at event termination
[Figure]: Not applicable
Example 2: Collect an audit trail of table definitions and deletions
When a table is defined or deleted, schema owner privilege, table owner privilege, and RDAREA usage privilege are used, and an audit trail is collected.

Table search contents (SQL specification) and the resulting audit trail contents:

| SQL specification | Collection timing | Executor | Privilege used | Manipulated object | Manipulated object's name | Action |
|---|---|---|---|---|---|---|
| A user (USR1) issues the following CREATE TABLE statement: `CREATE TABLE T1(C1 INT) IN RDAREA1` | Privilege | USR1 | RDAREA usage privilege | RDAREA | RDAREA1 | Creates a definition |
| | Privilege | USR1 | Owner | Schema | USR1 | Creates a definition |
| | Privilege | USR1 | Owner | Table | USR1.T1 | Creates a definition |
| | Termination | USR1 | [Figure] | Table | USR1.T1 | Creates a definition |
| A user (USR2) issues the following DROP TABLE statement: `DROP TABLE T1` | Privilege | USR2 | Owner | Table | USR2.T1 | Deletes a definition |
| | Termination | USR2 | [Figure] | Table | USR2.T1 | Deletes a definition |

Legend:
Privilege: Audit trail collected during privilege checking
Termination: Audit trail collected at event termination
[Figure]: Not applicable
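
When reviewing such a trail, each statement appears once per object at privilege checking and again at event termination, so counting raw rows overstates activity. The following Python code is an added example, not part of the manual: it merges the rows of Examples 1 and 2 into one entry per executor, table and action, and lists accesses where the executor is not the owner in the object name (USR2 reading USR1.T1 in Example 1). The tuple layout and the names `RECORDS`, `table_accesses` and `cross_owner` are assumptions made for this illustration; the rows are constructed from the tables above and are not read from a real audit trail file.

```python
from collections import defaultdict

# Constructed sample rows copied from the two tables above (not real HiRDB output).
# Assumed layout: (timing, executor, privilege used, object, object name, action)
SEL, CRE, DEL = "Accesses a table (SELECT)", "Creates a definition", "Deletes a definition"
RECORDS = [
    ("Privilege", "USR1", "SELECT privilege", "Table", "USR1.T1", SEL),
    ("Termination", "USR1", None, "Table", "USR1.T1", SEL),
    ("Privilege", "USR2", "SELECT privilege", "Table", "USR1.T1", SEL),
    ("Privilege", "USR2", "SELECT privilege", "Table", "USR2.T2", SEL),
    ("Termination", "USR2", None, "Table", "USR1.T1", SEL),
    ("Termination", "USR2", None, "Table", "USR2.T2", SEL),
    ("Privilege", "USR1", "RDAREA usage privilege", "RDAREA", "RDAREA1", CRE),
    ("Privilege", "USR1", "Owner", "Schema", "USR1", CRE),
    ("Privilege", "USR1", "Owner", "Table", "USR1.T1", CRE),
    ("Termination", "USR1", None, "Table", "USR1.T1", CRE),
    ("Privilege", "USR2", "Owner", "Table", "USR2.T1", DEL),
    ("Termination", "USR2", None, "Table", "USR2.T1", DEL),
]


def table_accesses(records):
    """Merge Privilege and Termination rows into one entry per
    (executor, table, action), so a statement is not counted twice."""
    merged = defaultdict(lambda: {"privileges": set(), "terminations": 0})
    for timing, executor, privilege, obj, name, action in records:
        if obj != "Table":  # in Example 2, RDAREA and Schema rows have no Termination row
            continue
        entry = merged[(executor, name, action)]
        if timing == "Privilege":
            entry["privileges"].add(privilege)
        elif timing == "Termination":
            entry["terminations"] += 1
    return dict(merged)


def cross_owner(accesses):
    """Entries where the executor differs from the owner part of OWNER.TABLE."""
    return sorted(k for k in accesses if k[1].split(".", 1)[0] != k[0])


if __name__ == "__main__":
    acc = table_accesses(RECORDS)
    for key, info in sorted(acc.items()):
        print(key, sorted(info["privileges"]), info["terminations"])
    print("cross-owner:", cross_owner(acc))
```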