22.4.3 Auditor registration, creation of the RDAREA to store the audit trail table, and creation of the audit trail table

Executor: HiRDB administrator

Execute the database structure modification utility (pdmod command), and perform the following. All of the following tasks can be performed simultaneously with a single issuance of the pdmod command.

Organization of this subsection
(1) Register the auditor
(2) Create the RDAREA to store the audit trail table
(3) Create the audit trail table

(1) Register the auditor

Register the auditor with the pdmod command's create auditor statement. The auditor can perform the following operations:

Notes
  • The registered auditor cannot be deleted and updated at the same time.
  • Create a user without DBA privilege as the auditor. The HiRDB administrator cannot be the auditor.
  • Only one person can be registered as the auditor (there cannot be multiple auditors).
  • The auditor cannot hold the DBA privilege. Table 22-11 lists the user privileges that can be held by the auditor.

    Table 22-11 User privileges that can be held by the auditor

    Type of user privilegeYes/NoRemarks
    Audit privilegeYesThese privileges are granted automatically when the auditor is registered.
    CONNECT privilegeYes
    Schema definition privilegeYes
    DBA privilegeNoThe auditor cannot hold the DBA privilege.
    RDAREA usage privilegeYesThe privilege to use the RDAREA that stores the audit trail table must be granted by a user who has the DBA privilege. This also applies to use of other RDAREAs.
    Table access privilegeYesThe auditor can hold audit trail table access privilege. The privilege to access other tables must be granted by each table's owner.
Legend:
Yes: This privilege can be held.
No: This privilege cannot be held.
Notes when the Directory Server linkage facility is used
  • Register the auditor's user information with the Directory Server.
  • The auditor changes the password with the GRANT AUDIT statement. It must be changed to the password registered with the Directory Server.

(2) Create the RDAREA to store the audit trail table

Create the RDAREA where the audit trail table will be stored using the pdmod command's create rdarea statement. The following should be considered when creating the RDAREA for storing the audit trail table:

(3) Create the audit trail table

Create the audit trail table with the pdmod command's create audit table statement. The following should be considered when creating the audit trail table: