CREATE AUDIT (Define the target audit event)
Function
CREATE AUDIT defines the target audit event to be recorded as an audit trail, and its target.
Privileges
Format
No. | Format |
---|---|
1 | CREATE AUDIT |
2 | FOR operation-type |
9 | [selection-option] |
3 | [WHENEVER {SUCCESSFUL|UNSUCCESSFUL|ANY}] |
Details about items
No. | Format |
---|---|
2 | operation-type::= {ANY |
9 | selection-option::=ON object-name |
object-name::= {FUNCTION authorization-identifier.routine-identifier |INDEX authorization-identifier.index-identifier |LIST authorization-identifier.table-identifier |PROCEDURE authorization-identifier.routine-identifier |RDAREA RDAREA-name |SCHEMA authorization-identifier |TABLE [authorization-identifier.]table-identifier |TRIGGER authorization-identifier.trigger-identifier |TYPE authorization-identifier.data-type-identifier |VIEW authorization-identifier.table-identifier |SEQUENCE authorization-identifier.sequence-generator-identifier} |
4 | session-type::= |
5 | privilege-operation-type::= |
6 | object-definition-event-type::= |
7 | object-operation-event-type::= |
8 | utility-event-type::= |
Operands
Table 3-10 Audit trail that is acquired based on the specification in WHENEVER
WHENEVER specification | When PRIVILEGE or ANY is specified in AUDITTYPE | When EVENT or ANY is specified in AUDITTYPE |
---|---|---|
SUCCESSFUL | Audit trail during a privilege check is collected only when the privilege check is successful. | Audit trail of the final result of an audit event is collected only when the audit event is successful. |
UNSUCCESSFUL | Audit trail during a privilege check is collected only when the privilege check is unsuccessful. | Audit trail of the final result of an audit event is collected only when the audit event is unsuccessful. |
ANY | Audit trail during a privilege check is collected regardless of whether or not the privilege check is successful. | Audit trail of the final result of an audit event is collected regardless of whether or not the audit event is successful. |
Table 3-11 Session types and operations generated by the associated audit events
Session type | Operation generated by privilege check audit event (PRIVILEGE specified in AUDITTYPE) | Operation generated by audit event acquiring audit trail on final results of an event (EVENT specified in AUDITTYPE) |
---|---|---|
CONNECT | Connection to HiRDB | Same as indicated at left |
DISCONNECT | None | Disconnection from HiRDB |
AUTHORIZATION | Execution of SET SESSION AUTHORIZATION statement | Same as indicated at left |
Table 3-12 Privilege operation types and operations generated by the associated audit events
Privilege operation type | Operation generated by privilege check audit event (PRIVILEGE specified in AUDITTYPE) | Operation generated by audit event acquiring audit trail on final results of an event (EVENT specified in AUDITTYPE) |
---|---|---|
GRANT | Execution of GRANT | Same as indicated at left |
REVOKE | Execution of REVOKE | Same as indicated at left |
Table 3-13 Object definition event types and operations generated by the associated audit events
Object definition event type | Operation generated by privilege check audit event (PRIVILEGE specified in AUDITTYPE) | Operation generated by audit event acquiring audit trail on final results of an event (EVENT specified in AUDITTYPE) |
---|---|---|
CREATE | Execution of the following SQL statements: | Same as indicated at left |
DROP | Execution of the following SQL statements: | Same as indicated at left |
ALTER | Execution of the following SQL statements: | Same as indicated at left |
Table 3-14 Object operation event types and operations generated by the associated audit events
Object operation event type | Operation generated by privilege check audit event (PRIVILEGE specified in AUDITTYPE) | Operation generated by audit event acquiring audit trail on final results of an event (EVENT specified in AUDITTYPE) |
---|---|---|
SELECT | | |
INSERT | | |
UPDATE | | |
DELETE | | |
PURGE | | |
CALL | | |
LOCK | | |
ASSIGN | | |
NEXT VALUE | | |
Table 3-15 Utility event types and operations generated by the associated audit events
Utility event type | Operation generated by privilege check audit event (PRIVILEGE specified in AUDITTYPE) | Operation generated by audit event acquiring audit trail on final results of an event (EVENT specified in AUDITTYPE) |
---|---|---|
PDLOAD | Execution of pdload | Same as indicated at left |
PDRORG | Execution of pdrorg | Same as indicated at left |
PDEXP | Execution of pdexp or pddefrev | Same as indicated at left |
PDCONSTCK | Execution of pdconstck | Same as indicated at left |
Rules
Notes
Table 3-16 Event type, event subtype, and specifiability of AUDITTYPE
Event type | Event subtype | AUDITTYPE PRIVILEGE | AUDITTYPE EVENT | AUDITTYPE ANY |
---|---|---|---|---|
ANY | -- | C#1, #2 | Y | C#1, #2 |
SESSION | DISCONNECT | N | Y | C#2 |
SESSION | ANY | C#2 | Y | C#2 |
SESSION | Any subtype other than the above | Y | Y | Y |
PRIVILEGE | Any subtype | Y | Y | Y |
DEFINITION | Any subtype | Y | Y | Y |
ACCESS | CALL | N | Y | C#1 |
ACCESS | ANY | C#1 | Y | C#1 |
ACCESS | Any subtype other than the above | Y | Y | Y |
UTILITY | Any subtype | Y | Y | Y |
Table 3-17 Event type, event subtype, and specifiability of object name (1/2)
Event type | Event subtype | FCTN | INDEX | LIST | PRCDR | RD | SCHM |
---|---|---|---|---|---|---|---|
ANY | -- | C | C | C | C | C | C |
SESSION | All | N | N | N | N | N | N |
PRIVILEGE | GRANT | N | N | N | N | N | N |
PRIVILEGE | REVOKE | N | N | N | N | N | N |
PRIVILEGE | ANY | N | N | N | N | N | N |
DEFINITION | CREATE | Y | Y | N | Y | Y | Y |
DEFINITION | DROP | Y | Y | N | Y | N | Y |
DEFINITION | ALTER | Y | Y | N | Y | Y | N |
DEFINITION | ANY | Y | Y | N | Y | C | C |
ACCESS | SELECT | N | N | Y | N | N | N |
ACCESS | INSERT | N | N | N | N | N | N |
ACCESS | UPDATE | N | N | N | N | N | N |
ACCESS | DELETE | N | N | N | N | N | N |
ACCESS | PURGE | N | N | N | N | N | N |
ACCESS | ASSIGN | N | N | Y | N | N | N |
ACCESS | CALL | N | N | N | Y | N | N |
ACCESS | LOCK | N | N | N | N | N | N |
ACCESS | NEXT VALUE | N | N | N | N | N | N |
ACCESS | ANY | N | N | C | C | N | N |
UTILITY | PDLOAD | N | N | N | N | N | N |
UTILITY | PDRORG | N | N | N | N | N | Y |
UTILITY | PDEXP | N | N | N | Y | N | N |
UTILITY | PDCONSTCK | N | N | N | N | N | N |
UTILITY | ANY | N | N | N | C | N | C |
Table 3-18 Event type, event subtype, and specifiability of object name (2/2)
Event type | Event subtype | SVR | TBL | TRGR | TYP | VIEW | SEQ |
---|---|---|---|---|---|---|---|
ANY | -- | C | C | C | C | C | C |
SESSION | All | N | N | N | N | N | N |
PRIVILEGE | GRANT | N | Y | N | N | Y | N |
PRIVILEGE | REVOKE | N | Y | N | N | Y | N |
PRIVILEGE | ANY | N | Y | N | N | Y | N |
DEFINITION | CREATE | Y | Y | Y | Y | Y | Y |
DEFINITION | DROP | Y | Y | Y | Y | Y | Y |
DEFINITION | ALTER | N | Y | Y | N | Y | N |
DEFINITION | ANY | C | Y | Y | C | Y | C |
ACCESS | SELECT | N | Y | N | N | Y | N |
ACCESS | INSERT | N | Y | N | N | Y | N |
ACCESS | UPDATE | N | Y | N | N | Y | N |
ACCESS | DELETE | N | Y | N | N | Y | N |
ACCESS | PURGE | N | Y | N | N | N | N |
ACCESS | ASSIGN | N | Y | N | N | N | N |
ACCESS | CALL | N | N | N | N | N | N |
ACCESS | LOCK | N | Y | N | N | Y | N |
ACCESS | NEXT VALUE | N | N | N | N | N | Y |
ACCESS | ANY | N | C | N | N | C | C |
UTILITY | PDLOAD | N | Y | N | N | N | Y |
UTILITY | PDRORG | N | Y | N | N | N | N |
UTILITY | PDEXP | N | Y | Y | N | Y | N |
UTILITY | PDCONSTCK | N | Y | N | N | N | N |
UTILITY | ANY | N | Y | C | N | C | C |
Examples
CREATE AUDIT FOR ANY WHENEVER ANY
CREATE AUDIT FOR SESSION CONNECT
CREATE AUDIT FOR PRIVILEGE GRANT
CREATE AUDIT FOR DEFINITION CREATE
CREATE AUDIT FOR ACCESS INSERT
CREATE AUDIT AUDITTYPE ANY FOR ANY
CREATE AUDIT AUDITTYPE EVENT FOR ANY
CREATE AUDIT AUDITTYPE EVENT FOR ANY ON TABLE "USER1"."T1"
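
The following added example (not part of the HiRDB manual or product) lints `CREATE AUDIT ... FOR ACCESS` definitions against the ACCESS rows of Tables 3-16, 3-17 and 3-18 before they are applied, so that a combination the tables mark as not specifiable is caught during review of the audit policy. It assumes that Y means specifiable, N means not specifiable and C means specifiable under conditions, since the legend is not reproduced on this page, and that the column abbreviations map to the `object-name` keywords as shown; the function name `lint` is hypothetical.

```python
import re

# Column order of Tables 3-17 and 3-18. None stands for SVR, for which the page
# gives no object-name keyword; mapping abbreviations to keywords is an assumption.
COLUMNS = ["FUNCTION", "INDEX", "LIST", "PROCEDURE", "RDAREA", "SCHEMA",
           None, "TABLE", "TRIGGER", "TYPE", "VIEW", "SEQUENCE"]

# ACCESS rows: six flags from Table 3-17 followed by six from Table 3-18.
ACCESS_OBJECTS = {
    "SELECT":     "NNYNNN" "NYNNYN",
    "INSERT":     "NNNNNN" "NYNNYN",
    "UPDATE":     "NNNNNN" "NYNNYN",
    "DELETE":     "NNNNNN" "NYNNYN",
    "PURGE":      "NNNNNN" "NYNNNN",
    "ASSIGN":     "NNYNNN" "NYNNNN",
    "CALL":       "NNNYNN" "NNNNNN",
    "LOCK":       "NNNNNN" "NYNNYN",
    "NEXT VALUE": "NNNNNN" "NNNNNY",
    "ANY":        "NNCCNN" "NCNNCC",
}
# ACCESS rows of Table 3-16: flags for AUDITTYPE PRIVILEGE, EVENT, ANY.
AUDITTYPE_FLAGS = {"CALL": "NYC", "ANY": "CYC"}  # all other subtypes: "YYY"

STMT = re.compile(
    r'^\s*CREATE\s+AUDIT(?:\s+AUDITTYPE\s+(PRIVILEGE|EVENT|ANY))?'
    r'\s+FOR\s+ACCESS\s+(NEXT\s+VALUE|[A-Z]+)'
    r'(?:\s+ON\s+([A-Z]+)\s+\S+)?'
    r'(?:\s+WHENEVER\s+(?:SUCCESSFUL|UNSUCCESSFUL|ANY))?\s*$', re.IGNORECASE)

def lint(stmt):
    """Return (object_flag, audittype_flag); None where the clause is absent."""
    m = STMT.match(stmt)
    if not m:
        raise ValueError("not a CREATE AUDIT ... FOR ACCESS statement")
    audittype, subtype, objtype = m.groups()
    subtype = " ".join(subtype.upper().split())
    if subtype not in ACCESS_OBJECTS:
        raise ValueError("unknown ACCESS subtype: " + subtype)
    obj_flag = type_flag = None
    if objtype:
        if objtype.upper() not in COLUMNS:
            raise ValueError("unknown object type: " + objtype)
        obj_flag = ACCESS_OBJECTS[subtype][COLUMNS.index(objtype.upper())]
    if audittype:
        flags = AUDITTYPE_FLAGS.get(subtype, "YYY")
        type_flag = flags[("PRIVILEGE", "EVENT", "ANY").index(audittype.upper())]
    return obj_flag, type_flag
```

A result containing `N` means the definition should be rejected in review; `C` means the conditions attached to that table entry need to be checked by hand.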