A single audit trail is collected during a single privilege check. However, in the exceptional cases shown in Table 22-4, multiple audit trails are collected during a single privilege check.
Table 22-4 Event execution units and audit trail record output units
Events | Execution unit | Target output units | Number of output records |
---|
GRANT, REVOKE | User | Users | Number of target users |
Group | Groups | Number of target groups |
Role | Roles | Number of target roles |
CREATE CONNECTION SECURITY, DROP CONNECTION SECURITY | Setting value of the connection security facility | Setting values of the connection security facility | Number of setting values of the connection security facility |
When multiple privilege checks occur in a single event, audit trails are output as follows:
- When any one of multiple privileges is required
An audit trail is output during one of the privilege checks.
- Example
- To unload someone else's table, you must have either DBA privilege or SELECT privilege.
- Whether the DBA privilege check or the SELECT privilege check was successful is output in the audit trail.
- When all of multiple privileges are required
Audit trails are output during all the privilege checks.
- Example
- To reorganize someone else's table, you must have the INSERT, DELETE, and SELECT privileges.
- If the INSERT, DELETE, and SELECT privilege checks are all successful, audit trails are output for all three checks. If an error occurs in midstream, audit trails are output for the successful privilege checks. Failure trails are output for the unsuccessful privilege checks.