2.7.4 Audit privilege
Audit privilege is a collective term for the following two privileges. You must have the audit privilege to use the audit trail facility. For details about the audit trail facility, see 2.18 Audit trail facility.
-
Audit admin privilege
The privilege that an HADB user must have to perform operation of the audit trail facility is called the audit admin privilege. An HADB user who has the audit admin privilege can:
-
Use the adbaudittrail command to operate the audit trail facility
-
Use CREATE AUDIT statements to define audit targets
-
Use DROP AUDIT statements to delete audit target definitions
-
Use REVOKE statements to revoke audit privileges
-
Reference audit target definition information (SQL_AUDITS retrieval)
- Important
-
A given HADB user cannot have both the audit admin privilege and the DBA privilege.
-
-
Audit viewer privilege
The privilege that an HADB user must have to reference audit trails is called the audit viewer privilege. An HADB user who has the audit viewer privilege can:
-
Use the ADB_AUDITREAD function to reference an audit trail
-
Use the adbconvertaudittrailfile command to convert audit trail files
- Note
-
ADB_AUDITREAD is a function that converts the output audit trails to data in tabular format that can be retrieved by the HADB server. This user can reference audit trails by specifying the ADB_AUDITREAD function in a SELECT statement.
-