Auditing

The Db2® for i database is designed to comply with the U.S. government C2 security level. A key feature of the C2 level is the ability to perform auditing on the system.

Db2 for i uses the audit facilities that are managed by the system security function. Auditing can be performed at an object level, a user level, or a system level. The system value QAUDCTL controls whether auditing is performed at the object or user level. The Change User Audit (CHGUSRAUD) and Change Object Audit (CHGOBJAUD) commands specify which users and objects are audited. The system value QAUDLVL controls what types of actions are audited (for example, authorization failures, and create, delete, grant, or revoke operations).

Db2 for i can also audit row changes through the Db2 for i journal support.

In some cases, entries in the auditing journal are not in the same order as the actions occurred. For example, a job that is running under commitment control deletes a table, creates a new table with the same name as the one that was deleted, and then does a commit. The auditing journal records this as a create followed by a delete. This is because objects that are created are journaled immediately, whereas an object that is deleted under commitment control is hidden and not actually deleted until a commit is done. Once the commit is done, the delete action is journaled.
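When audit entries are reviewed or replayed, a create followed by a delete of the same object in the same job should be read with this ordering in mind. The following is an added example, not IBM code: it flags such pairs in entries that have already been exported from the auditing journal. The record layout, job names, and object names are constructed assumptions; CO and DO stand for the create-object and delete-operation entry types.

```python
from collections import namedtuple

# Simplified, assumed record layout for exported audit journal entries.
Entry = namedtuple("Entry", "seq job etype obj")

# Constructed sample data (not real journal output).
SAMPLE = [
    Entry(101, "123456/APPUSER/BATCH1", "CO", "SALES/ORDERS"),
    Entry(102, "123456/APPUSER/BATCH1", "DO", "SALES/ORDERS"),
    Entry(103, "123457/APPUSER/BATCH2", "CO", "SALES/TEMP1"),
    Entry(104, "123458/OTHER/BATCH3", "DO", "SALES/TEMP1"),  # different job
    Entry(105, "123456/APPUSER/BATCH1", "DO", "SALES/OLD"),  # no prior create
]


def flag_possible_reorder(entries):
    """Return (create_seq, delete_seq, obj) for each DO that follows a CO
    of the same object name in the same job.

    Such a pair may be a delete-then-recreate done under commitment control,
    in which case the object still exists after the commit. The journal
    order alone cannot distinguish this from a real create-then-delete, so
    the result is a list of pairs to review, not a verdict.
    """
    pending = {}  # (job, obj) -> sequence number of the most recent CO
    flagged = []
    for e in sorted(entries, key=lambda e: e.seq):
        key = (e.job, e.obj)
        if e.etype == "CO":
            pending[key] = e.seq
        elif e.etype == "DO" and key in pending:
            flagged.append((pending.pop(key), e.seq, e.obj))
    return flagged


if __name__ == "__main__":
    for create_seq, delete_seq, obj in flag_possible_reorder(SAMPLE):
        print(f"{obj}: CO #{create_seq} then DO #{delete_seq}; "
              "verify whether the object still exists")
```

A naive replay of the sample would conclude that SALES/ORDERS no longer exists; the flagged pair marks it for a check against the current state of the object.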