Actions performed by the auditor

The auditor manipulates the audit trail table. For example, the auditor performs the following actions:

Grant access privileges to the audit trail table
Only the SELECT privilege for the audit trail table and a view table that uses the audit trail table as the base table can be granted to other users. SELECT privilege can also be removed. The INSERT, UPDATE, and DELETE privileges cannot be granted to other users. The auditor adds and removes access privileges to the audit trail table. Access privilege to the audit trail table cannot be granted to anyone other than the auditor.
Define indexes for the audit trail table
Indexes can be defined for the audit trail table. For details about the audit table columns, see 24.8 Audit trail table columns.
The audit trail table cannot be row partitioned, nor can the table definition be modified.
Reorganize the audit trail table
The auditor reorganizes the audit trail table. Users other than the auditor cannot reorganize the audit trail table.
Delete the audit trail table
The audit trail table can be deleted with DROP TABLE. The auditor deletes the audit trail table. Users other than the auditor cannot delete the audit trail table.
To re-create the audit trail table, the HiRDB administrator uses the pdmod command's create audit table statement.

The commands listed below must be executed jointly by the auditor and the HiRDB administrator. When the HiRDB administrator executes a command, a message requesting a password input appears. When this happens, the auditor enters the authorization identifier and password.

pdaudatld command
pdaudput command
pdaudswap command
pdls -d aud command
Database load utility (pdload)^#

#: Applicable only when loading an audit trail to the audit trail table.

24.5.2 Actions performed by the auditor

(1) Use the audit trail table

(2) Manipulate the audit trail table

(3) Authentication during command execution

(4) Add and delete audit events

(5) Change the password

(6) Delete the auditor's schema