HiRDB security is protected by privileges. The information that can be referenced, the information that can be updated, and the objects that can be manipulated (tables, indexes, and so on) are restricted by privileges. HiRDB can keep track of various operations on the database in order to make it possible to determine whether the privileges are operating appropriately. This facility is called the security audit facility, and the record of actions that is output is called an audit trail. The audit trail that is output can be examined to check for inappropriate accesses. This check can be performed by the user who holds the audit privilege (called the auditor). The following figure outlines the security audit facility.

Figure 24-1 Outline of the security audit facility

The audit trail collects information on who performed what action on what using what privilege. The auditor can specify the actions that are to be collected in the audit trail using the CREATE AUDIT statement. An audit trail is collected whenever an action is performed for which collection of an audit trail has been specified.

Reference note

The security audit facility is not intended to strengthen security. Its purpose is to output a record of database accesses for checking that privilege operations are functioning appropriately.