12.10.1 Situations where multiple audit trails are output for a single event
If multiple objects are targets of an audit target event, an audit trail is output for each of these objects. For example, when the following SQL statement is executed, an audit trail is output for table T1 and another is output for table T2.
SELECT * FROM "T1","T2"
Similarly, if an event targets multiple privileges or authorization identifiers, a number of audit trails are output equivalent to the number of combinations of privileges and authorization identifiers. The following table lists the situations in which multiple audit trails are output for a single event:
| No. | Executed event | Number of output audit trails |
|---|---|---|
| 1 | Granting audit admin privilege | Number of authorization identifiers to which privilege was granted |
| 2 | Granting audit viewer privilege | Number of authorization identifiers to which privilege was granted |
| 3 | Revoking audit admin privilege | Number of authorization identifiers from which privilege was revoked |
| 4 | Revoking audit viewer privilege | Number of authorization identifiers from which privilege was revoked |
| 5 | Granting privileges (excluding access privileges) | MAX (1, number of granted privileges × number of authorization identifiers to which privileges were granted) |
| 6 | Granting privileges (access privileges) | MAX (1, number of granted access privileges#1 × number of target objects#2 × number of authorization identifiers to which privileges were granted)#6, #7 |
| 7 | Revoking privileges (excluding access privileges) | MAX (1, number of revoked privileges × number of authorization identifiers whose privileges were revoked) |
| 8 | Revoking privileges (access privileges) | MAX (1, number of revoked access privileges#1 × number of target objects#2 × number of authorization identifiers whose privileges were revoked)#6, #7 |
| 9 | Retrieving data from tables (using SELECT statement) | MAX (1, number of target objects specified in query expression body#4) |
| 10 | Retrieving data from tables (using data manipulation SQL other than SELECT statement#3) | Number of target objects specified in query expression body#4 |
| 11 | Re-creating indexes | MAX (1, number of rebuilt indexes#5) |
| 12 | Collecting cost information | MAX (1, number of tables for which cost information was collected#5) |
| 13 | Exporting data (using adbexport command with -q option specified) | MAX (1, number of target objects specified in query expression bodies in SQL statements in the SQL statement file#4) |
- #1: If a GRANT statement or REVOKE statement is executed with ALL PRIVILEGES specified, the audit trail facility operates as if all access privileges were specified.
- #2: If a GRANT statement or REVOKE statement is executed with ALL TABLES specified, the number of target objects is the total number of base tables in the schema of the HADB user who executed the GRANT or REVOKE statement. However, if the SQL statement results in an error, the number of output audit trails might not be equivalent to the number of base tables.
- #3: If data manipulation SQL such as an INSERT statement is executed that includes a query expression body, audit trails related to the objects specified in the query expression body are output as events that retrieve data from tables.
- #4: If the same object is specified multiple times, duplicate audit trails are eliminated. Table value constructors are not counted in the number of objects.
- #5: Information about the success or failure of the event is output in audit trails for each object. Because command processing results in an error when an event fails, audit trails will not be output for objects specified after the object for which the event failed.
- #6: If a GRANT statement terminates normally without granting any of the specified privileges, only one audit trail is output for the GRANT statement. In this case, NULL is output as the object, privilege type, and authorization identifier of the HADB user. The same applies to REVOKE statements.
- #7: If an SQL statement results in an error when granting or revoking access privileges, because no access privileges will have been granted or revoked, all of the access privileges specified in the SQL statement are subject to audit trail output. If the target object type cannot be identified due to an error, NULL is output as the object type.
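
A reconciliation check for rows 6 and 8 of the table, as an added example (not from the HADB manual): it enumerates the (privilege, object, authorization identifier) combinations that the rules above predict for one GRANT or REVOKE of access privileges and compares them with the trails actually collected, so that gaps in an audit log stand out. The function names, the tuple layout, the sample identifiers, and the privilege list used to expand ALL PRIVILEGES are assumptions; ALL TABLES must be expanded by the caller.

```python
from itertools import product

# Footnote #6: one trail with NULL object, privilege type and identifier.
NULL_TRAIL = (None, None, None)


def expected_access_trails(specified, objects, identifiers, *,
                           granted=None, error=False,
                           all_access_privileges=()):
    """Expected (privilege, object, identifier) trails for rows 6 and 8.

    specified: access privileges named in the GRANT/REVOKE statement
    granted:   privileges actually granted/revoked (None = all specified)
    error:     True if the statement ended in an error
    all_access_privileges: caller-supplied expansion of ALL PRIVILEGES
                           (assumption; take the list from your HADB version)
    """
    if "ALL PRIVILEGES" in specified:          # footnote #1
        specified = list(all_access_privileges)
    if error or granted is None:               # footnote #7: all specified
        privileges = specified
    else:                                      # only what was really granted
        privileges = [p for p in specified if p in granted]
    combos = set(product(privileges, objects, identifiers))
    return combos or {NULL_TRAIL}              # MAX(1, ...) with footnote #6


def reconcile(expected, observed):
    """Return (missing, unexpected) trails, each sorted for stable output."""
    observed = set(observed)
    return (sorted(expected - observed, key=str),
            sorted(observed - expected, key=str))


if __name__ == "__main__":
    # Constructed sample: GRANT SELECT, INSERT on T1 and T2 to two users.
    exp = expected_access_trails(["SELECT", "INSERT"], ["T1", "T2"],
                                 ["USER01", "USER02"])
    # Constructed observation with one trail missing from the collected log.
    obs = exp - {("INSERT", "T2", "USER02")}
    missing, unexpected = reconcile(exp, obs)
    print(len(exp), "expected;", "missing:", missing, "unexpected:", unexpected)
```
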