Auditing the relational database directory

This topic discusses how to audit program access to the relational database directories.

Accesses to the relational database directory are recorded in the security auditing journal when either one of the items listed here is true.

• The value of the system QAUDLVL is *SYSMGT.
• The value of the user AUDLVL is *SYSMGT.

By using the *SYSMGT value, the system audits all accesses that were made with the following commands:

• Add Relational Database Directory Entry (ADDRDBDIRE) command
• Change Relational Database Directory Entry (CHGRDBDIRE) command
• Display Relational Database Directory Entry (DSPRDBDIRE) command
• Remove Relational Database Directory Entry (RMVRDBDIRE) command
• Work with Relational Database Directory Entry (WRKRDBDIRE) command

The relational database directory is a database file (QSYS/QADBXRDBD) that can be read directly without the directory entry commands.

Prior to V5R2, relational database (RDB) directory file QADBXRDBD in library QSYS was built with operational authority granted to *PUBLIC. Beginning in V5R2, that's no longer the case. Therefore, existing programs that access the RDB directory using this file might no longer run correctly. Unless you have *ALLOBJ special authority, you will have to access the logical file named QADBXRMTNM, which is built over QADBXRDBD. To audit direct accesses to this file, set auditing on with the Change Object Auditing (CHGOBJAUD) command.