DROP AUDIT (Delete an audit target event)

Function

Removes from the targets of auditing the definitions that match a target audit event defined in CREATE AUDIT.

Privileges

Users with the audit privilege
These users can execute DROP AUDIT definition statements.

Format

No.  Format
1    DROP AUDIT
       [AUDITTYPE {PRIVILEGE | EVENT | ANY}]
2      FOR operation-type
9      [selection-option]
3      [WHENEVER {SUCCESSFUL | UNSUCCESSFUL | ANY}]

Details about items

No.  Format
2    operation-type::= ANY
                  | SESSION    [{session-type | ANY}]
                  | PRIVILEGE  [{privilege-operation-type | ANY}]
                  | DEFINITION [{object-definition-event-type | ANY}]
                  | ACCESS     [{object-operation-event-type | ANY}]
                  | UTILITY    [{utility-event-type | ANY}]

9    selection-option::= ON object-name

     object-name::=
       {ALIAS authorization-identifier.table-alias
       |FOREIGN INDEX authorization-identifier.index-identifier
       |FOREIGN TABLE authorization-identifier.table-identifier
       |FUNCTION authorization-identifier.routine-identifier
       |INDEX authorization-identifier.index-identifier
       |LIST authorization-identifier.table-identifier
       |PROCEDURE authorization-identifier.routine-identifier
       |RDAREA RDAREA-name
       |SCHEMA authorization-identifier
       |SERVER foreign-server-definition-owner.foreign-server-name
       |TABLE [authorization-identifier.]table-identifier
       |TRIGGER authorization-identifier.trigger-identifier
       |TYPE authorization-identifier.data-type-identifier
       |USER MAPPING SERVER foreign-server-name
       |VIEW authorization-identifier.table-identifier}

4    session-type::=
       {CONNECT | AUTHORIZATION}

5    privilege-operation-type::=
       {GRANT | REVOKE}

6    object-definition-event-type::=
       {CREATE | DROP | ALTER}

7    object-operation-event-type::=
       {SELECT | INSERT | UPDATE | DELETE | PURGE | ASSIGN | CALL | LOCK}

8    utility-event-type::=
       {PDLOAD | PDRORG | PDEXP | PDCONSTCK}

Operands

For details about each item, see CREATE AUDIT (Define the target audit event) in this chapter.

1) AUDITTYPE {PRIVILEGE | EVENT | ANY}
Specifies the audit trail to be deleted.
2) FOR operation-type
Specifies the operation type to be deleted from the audit object.
3) WHENEVER {SUCCESSFUL | UNSUCCESSFUL | ANY}
Deletes the WHENEVER clause specification that was specified in CREATE AUDIT from the audit object.
4) session-type
Specifies the connection to HiRDB, or the change in connected users, to be deleted from the audit object.
5) privilege-operation-type
Specifies the privilege operations on HiRDB to be deleted from the object of the audit.
6) object-definition-event-type
Specifies the object definition operations on HiRDB to be deleted from the object of the audit.
7) object-operation-event-type
Specifies the object operations on HiRDB to be deleted from the object of the audit.
8) utility-event-type
Specifies the utility event on HiRDB to be deleted from the object of the audit.
9) selection-option
Specifies a selection option to be deleted from the audit object.

Rules

  1. For the security audit facility, see the HiRDB Version 8 System Operation Guide.
  2. Recording actual audit trails requires either the specification of the system definition pd_audit operand or the execution of the pdaudbegin command.
  3. An audit trail from the execution of CREATE AUDIT or DROP AUDIT is always recorded, provided that the security audit facility is enabled.
  4. DROP AUDIT can be executed by specifying the same combination of AUDITTYPE, FOR operation-type, and WHENEVER clauses that was specified in CREATE AUDIT.
    Example:
    To delete the definition made by CREATE AUDIT AUDITTYPE EVENT FOR SESSION, specify DROP AUDIT AUDITTYPE EVENT FOR SESSION.
  5. DROP AUDIT cannot be used to delete only part of a defined audit target range from the audit object. If such a specification is attempted, the system issues the KFPA11909-E message.
    Example 1:
    If all audit events are defined as audit objects in CREATE AUDIT FOR ANY, DROP AUDIT FOR ACCESS specifying SELECT cannot be executed, because it would delete SELECT as it applies to a table from the audit object.
    To delete SELECT as it applies to a table from the audit object, define the required audit objects other than SELECT for a table, and then execute DROP AUDIT FOR ANY.
    Example 2:
    If all audit events during a privilege check are defined as audit objects in CREATE AUDIT AUDITTYPE PRIVILEGE FOR ANY, DROP AUDIT AUDITTYPE PRIVILEGE cannot be executed, because it would delete the PRIVILEGE in AUDITTYPE from the audit object.

Notes

  1. DROP AUDIT cannot be specified from an X/Open-compliant UAP running under OLTP.

Examples

  1. Delete the target of the audit defined in CREATE AUDIT FOR ANY.

    DROP AUDIT FOR ANY

  2. Delete the target of the audit defined in CREATE AUDIT FOR SESSION.

    DROP AUDIT FOR SESSION CONNECT

  3. Delete the target of the audit defined in CREATE AUDIT FOR PRIVILEGE.

    DROP AUDIT FOR PRIVILEGE GRANT

  4. Delete the target of the audit defined in CREATE AUDIT FOR DEFINITION.

    DROP AUDIT FOR DEFINITION CREATE WHENEVER ANY

  5. Delete the target of the audit defined in CREATE AUDIT FOR ACCESS.

    DROP AUDIT FOR ACCESS INSERT

  6. Delete the target of the audit defined in CREATE AUDIT AUDITTYPE ANY FOR ANY.

    DROP AUDIT AUDITTYPE ANY FOR ANY

  7. Delete the target of the audit defined in CREATE AUDIT AUDITTYPE PRIVILEGE FOR ANY.

    DROP AUDIT AUDITTYPE PRIVILEGE FOR ANY

  8. Delete the target of the audit defined in CREATE AUDIT AUDITTYPE EVENT FOR ANY ON TABLE "USER1"."T1".

     DROP AUDIT AUDITTYPE EVENT FOR ANY ON TABLE "USER1"."T1"
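
Because every DROP AUDIT statement reduces what the security audit facility records, it helps to pick these statements out of a change script and check them against the grammar in the Format section before they are run. The following is an added example, not part of the HiRDB manual or product: the function names, the `broad` flag, the sample script and the use of `;` as a statement separator are assumptions of this sketch, and it checks syntax only, not whether the server would accept the statement under Rules 4 and 5.

```python
import re

# Keywords allowed after each operation-type, copied from the Format section.
SUBTYPES = {op: set(words.split()) for op, words in {
    "ANY": "",
    "SESSION": "CONNECT AUTHORIZATION ANY",
    "PRIVILEGE": "GRANT REVOKE ANY",
    "DEFINITION": "CREATE DROP ALTER ANY",
    "ACCESS": "SELECT INSERT UPDATE DELETE PURGE ASSIGN CALL LOCK ANY",
    "UTILITY": "PDLOAD PDRORG PDEXP PDCONSTCK ANY",
}.items()}
STMT = re.compile(r"""
    ^\s*DROP\s+AUDIT
    (?:\s+AUDITTYPE\s+(?P<audittype>PRIVILEGE|EVENT|ANY))?
    \s+FOR\s+(?P<op>\w+)
    (?:\s+(?P<sub>(?!ON\b|WHENEVER\b)\w+))?
    (?:\s+ON\s+(?P<obj>.+?))?
    (?:\s+WHENEVER\s+(?P<whenever>SUCCESSFUL|UNSUCCESSFUL|ANY))?
    \s*$""", re.IGNORECASE | re.VERBOSE | re.DOTALL)

def parse_drop_audit(sql):
    """Parse one DROP AUDIT statement; ValueError if it breaks the grammar."""
    m = STMT.match(sql)
    if not m:
        raise ValueError("not in the documented DROP AUDIT format")
    # Upper-case keywords; keep the object name exactly as written.
    f = {k: v and (v if k == "obj" else v.upper())
         for k, v in m.groupdict().items()}
    allowed = SUBTYPES.get(f["op"])
    if allowed is None or (f["sub"] and f["sub"] not in allowed):
        raise ValueError(f"bad FOR clause: {f['op']} {f['sub'] or ''}".strip())
    # Reviewer flag (not a HiRDB term): FOR ANY with no ON clause.
    f["broad"] = f["op"] == "ANY" and f["obj"] is None
    return f

def review(script):
    """Return (statement, parsed dict or error text) per DROP AUDIT found."""
    out = []
    for stmt in (s.strip() for s in script.split(";")):
        if re.match(r"DROP\s+AUDIT\b", stmt, re.IGNORECASE):
            try:
                out.append((stmt, parse_drop_audit(stmt)))
            except ValueError as err:
                out.append((stmt, str(err)))
    return out

# Constructed change script; ';' as the statement separator is an assumption.
SAMPLE = """DROP AUDIT AUDITTYPE EVENT FOR ANY ON TABLE "USER1"."T1";
DROP AUDIT FOR DEFINITION CREATE WHENEVER ANY;
drop audit for any;
DROP AUDIT FOR SESSION SELECT;"""
```

Calling `review(SAMPLE)` returns one entry per statement; clauses omitted from a statement come back as `None` because their defaults are described under CREATE AUDIT rather than on this page.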