This chapter provides answers to some fundamental auditing questions. Foremost among them are these:
Who is privileged to access what objects?
Who has actually accessed the data?
Answers to the first question are found in the DB2 catalog, which is a primary audit trail for the DB2 subsystem. Most of the catalog tables describe the DB2 objects, such as tables, views, table spaces, packages, and plans. Several other tables (every one with the characters “AUTH” in its name) hold records of every grant of a privilege or authority on different types of object. Every record of a grant contains the name of the object, the ID that received the privilege, the ID that granted it, the time of the grant, and other information. You can retrieve data ...