Hitachi

Hitachi Advanced Database SQL Reference


3.4.1 Specification format and rules for the CREATE AUDIT statement

The CREATE AUDIT statement defines audit targets.

Important

You can execute the CREATE AUDIT statement when the audit trail facility is enabled. To check whether the audit trail facility is enabled, execute the adbaudittrail -d command.

Organization of this subsection

(1) Specification format

CREATE-AUDIT-statement::=CREATE AUDIT AUDITTYPE EVENT
                                 FOR ANY OPERATION

(2) Explanation of specification format

AUDITTYPE EVENT

Specify this if you want to output an audit trail of the final event results.

FOR ANY OPERATION

Specify this if the audit-target event is in the following table.

Table 3‒3: Audit-target events

Event type

Audit-target event

Session management event

Execution of CONNECT (connection to an HADB server)

Execution of DISCONNECT (disconnection from an HADB server)

Privilege management event

Executions of the following SQL statements:

  • GRANT statement

  • REVOKE statement

  • CREATE USER statement

  • DROP USER statement

  • ALTER USER statement

Definition SQL event

Executions of the following definition SQL statements:

  • ALTER TABLE statement

  • ALTER VIEW statement

  • CREATE AUDIT statement

  • CREATE INDEX statement

  • CREATE SCHEMA statement

  • CREATE TABLE statement

  • CREATE VIEW statement

  • DROP AUDIT statement

  • DROP INDEX statement

  • DROP SCHEMA statement

  • DROP TABLE statement

  • DROP VIEW statement

Data manipulation SQL event

Executions of the following data manipulation SQL statements:

  • SELECT statement

  • INSERT statement

  • UPDATE statement

  • DELETE statement

  • TRUNCATE TABLE statement

  • PURGE CHUNK statement

Command operation event

Executions of the following commands:

  • adbimport command

  • adbexport command

  • adbidxrebuild command

  • adbgetcst command

  • adbdbstatus command

  • adbmergechunk command

  • adbchgchunkcomment command

  • adbchgchunkstatus command

  • adbarchivechunk command

  • adbunarchivechunk command

  • adbreorgsystemdata command

  • adbsyndict command

(3) Privileges required at execution

To execute the CREATE AUDIT statement, the CONNECT privilege and the audit admin privilege are required.

(4) Rules

  1. You cannot define multiple instances of the same audit target.

  2. An HADB server checks the audit target definition during the determination processing for outputting an audit trail. Therefore, depending on the audit trail output time, an audit trail about operations that were performed before the audit targets are defined might be output although those operations are not to be audited.

(5) Examples

Example

The events listed in Table 3‒3: Audit-target events are defined as audit targets.

CREATE AUDIT AUDITTYPE EVENT
             FOR ANY OPERATION