22.1.5 Accessing an audit trail

The audit trail is output to an audit trail file. The data in an audit trail file can be accessed using SQL after the data has been loaded into the audit trail table by the database load utility (pdload command). The auditor can reference an audit trail table (but cannot modify it). A user other than the auditor can access (but cannot modify) an audit trail table if the auditor has granted access privilege to that user. Figure 22-2 shows how to access the audit trail.

Figure 22-2 Accessing the audit trail

[Figure]

Explanation
  1. When audited events are executed, an audit trail is output to an audit trail file. An audit trail file is created in a HiRDB file system area for audit trail files. For details about audited events, see 22.1.7 Audited events.
  2. The audit trail output to an audit trail file becomes the input information to the database load utility (pdload command) for data loading to record the data in the audit trail table. For details, see 22.7 Recording data in the audit trail table.
  3. The auditor uses the audit trail table to inspect the audit. For details about the audit trail table, see 22.8 Audit trail table columns.

Table 22-1 shows the differences between an audit trail table and other tables.

Table 22-1 Differences between an audit trail table and other tables

| Action on table | Audit trail table | Other tables |
|---|---|---|
| Defining a table | HiRDB administrator uses the pdmod command to define the table. | Each user uses CREATE TABLE to define the table. |
| Deleting a table | Only the auditor can delete the table. Users with DBA privilege cannot delete the table. | Table owner deletes the table. Users with DBA privilege can also delete the table. |
| Modifying the table definition | Cannot be done. | Table owner can modify the table. |
| Granting access privileges to other users | Only the SELECT privilege can be granted. | SELECT, INSERT, UPDATE, and DELETE privileges can all be granted. |
| Loading data into a table | Can be executed only by the auditor. | Can be executed by the table owner. Can also be executed by other users who are granted access privilege. |
| Reorganizing a table | Can be executed only by the auditor. | Can be executed by users with DBA privilege. Can also be executed by other users who are granted access privilege. |
| Usage privilege to RDAREAs for storing the table | Only the auditor has the usage privilege. | Table owner has the usage privilege. Can also be used by other users who are granted the privilege. |
| Row-partitioning of a table | N | Y |
| Accessing a table: SELECT | Y | Y |
| Accessing a table: INSERT | N | Y |
| Accessing a table: UPDATE | N | Y |
| Accessing a table: DELETE | Can be performed only by the auditor. | Y |
| Accessing a table: PURGE | Can be performed only by the auditor. | Y |

Legend:
Y: Can be executed.
N: Cannot be executed.