22.5.1 Actions performed by the HiRDB administrator
(1) Collect an audit trail
The HiRDB administrator uses one of the following methods to collect an audit trail:
- Specify Y for the pd_audit operand
In this case, an audit trail will be collected beginning at the time of HiRDB startup.
- Execute the pdaudbegin command
In this case, the audit trail will be collected beginning at the time the command is executed.
To stop collection of the audit trail, execute the pdaudend command. Only the HiRDB administrator can execute this command. The auditor cannot use this command.
- Reference note
- If HiRDB is restarted, the previous operating status is inherited. If an audit trail was being collected, it will be collected after restart; if an audit trail was not being collected, it will not be collected after restart.
- If HiRDB undergoes a normal startup, then rather than the previous operating status, the specification of the pd_audit operand takes precedence. Even if an audit trail was being collected, if pd_audit=N is specified, no audit trail will be collected after a normal startup. If an audit trail was not being collected but pd_audit=Y is specified, an audit trail will be collected after the normal startup.
(2) Delete audit trail files
Audit trail files can be deleted with the pdaudrm command. Only the HiRDB administrator can use this command. The auditor cannot use this command.
(3) Manipulate the RDAREA that stores the audit trail table
The HiRDB administrator manipulates the RDAREA that stores the audit trail table. For example, the HiRDB administrator can perform the following actions:
- Back up the RDAREA that stores the audit trail table
- Recover the RDAREA that stores the audit trail table
- Modify the structure of the RDAREA that stores the audit trail table (extend the RDAREA, etc.)
- Add or remove usage privileges for the RDAREA that stores the audit trail table*
- * This is performed when the RDAREA that stores the audit trail table is modified. For example, the HiRDB administrator can remove usage privileges for the RDAREA before it is modified, and grant an auditor usage privileges for the RDAREA after it is modified.
(4) Create an HiRDB file system area for the audit trail files
The HiRDB administrator manipulates the HiRDB file system area for the audit trail files. For example, the HiRDB administrator performs the following actions:
- Delete the audit trail table by deleting the HiRDB file system area (delete with an OS command)*
- Back up the HiRDB file system area with the pdfbkup command
- Recover the HiRDB file system area with the pdfrstr command
- Initialize the HiRDB file system area with the pdfmkfs command
- Delete the HiRDB files that store the audit trail table with the pdfrm command
- * HiRDB does not output this event as part of the audit trail. Use the OS's audit facility to audit this event.