Audit event codes and fields
The secure-auditing facility audits certain database server events.
If you are using the onshowaudit utility, auditable events on each database server generate event codes. These codes represent actions on the server that can indicate possibly illegitimate usage or tampering.
- The Event Code column has the acronym that database server utilities use to identify audit events.
- The Event column shows the event name.
- The Variable Contents column has other categories of onshowaudit information
that are displayed for the event on that row. The categories of information
are:
- tabid
- dbname
- objname
- extra_1
- partno
- row_num
- login
- flags
- extra_2
For some events, the onshowaudit utility puts two different pieces of information in the extra_2 field. In this case, the two parts are separated by a semicolon.
- The Notes section after the table provides more information about some of the entries in the Variable Contents column.
| Event Code | Event | Variable Contents |
|---|---|---|
| ACTB | Access Table | dbname: database_name tabid: owner_name, table_id |
| ADCK | Add Chunk | dbname: dbspace, name extra_1: offset flags: mirror_status1 extra_2: path and size |
| ADLG | Add Transaction Log | dbname: dbspace, name extra_1: log_size |
| ALFR | Alter Fragement | dbname: database_name tabid: table_id objname: index_name extra_1: operation_type18 login: owner flags: frag_flags15 extra_2: dbspaces alter_type: 0 = normal, 1 = forced alter |
| ALIX | Alter Index | dbname: database_name tabid: table_id login: owner14 flags: cluster_flag9,14 extra_2: index_name14 |
| ALLC | Alter Security Label Component | dbname: database_name objname: component_name extra_2: component_type |
| ALME | Alter Access Method | dbname: database_name tabid: access, method_ID objname: access_method, name login: access_method, owner |
| ALOC | Alter Operator Class | dbname: database_name extra_1: cluster_size login: owner extra_2: cluster_name |
| ALOP | Alter Optical Cluster | dbname: database_name extra_1: cluster_size login: owner extra_2: cluster_name |
| ALSQ | Alter Sequence | dbname: database_name tabid: table_id |
| ALTB | Alter Table | dbname: database_name tabid: old_table_id extra_1: new_table_id14 partno: frag_id extra_2: new_part_number_list14 |
| ALTX | Alter trusted context | dbname: database_name objname: context_name login: system_authid |
| ALUR | Alter User | objname: user_name |
| BGTX | Begin Transaction | none |
| CLDB | Close Database | dbname: database_name |
| CMTX | Commit Transaction | none |
| CRAG | Create Aggregate | dbname: database_name objname: aggregate_name login: owner |
| CRAM | Create Audit Mask | login: user_id |
| CRBS | Create Storage Space | dbname: storage_name, space_name login: owner flags: mirror_status1 extra_2: media |
| CRBT | Create Opaque Type | dbname: database_name objname: opaque_type_name login: opaque_type, owner |
| CRCT | Create Cast | dbname: database_name tabid: from_type_ID objname: function_name or "-" extra_1: from_type_xid partno: to_type_ID row_num: to_type_xid login: function_owner or "-" |
| CRDB | Create Database | dbname: dbspace extra_2: database_name |
| CRDS | Create Dbspace | dbname: dbspace, name flags: mirror_status1 |
| CRDT | Create Distinct Type | dbname: database_name objname: distinct_type_name login: distinct_type, owner |
| CRIX | Create Index | dbname: database_name tabid: table_id objname: index_name login: owner flags: frag_flags15 extra_2: dbspace_list |
| CRLB | Create Security Label | dbname: database_name objname: policy.label_name |
| CRLC | Create Security Label Component | dbname: database_name objname: component_name |
| CRME | Create Access Method | dbname: database_name tabid: access_method_ID objname: access_method_name login: access_method_owner |
| CROC | Create Operator Class | dbname: database_name tabid: operator_class_ID objname: operator_class_name login: owner |
| CROP | Create Optical Cluster | dbname: database_name tabid: table_id extra_1: cluster_size login: owner extra_2: cluster_name |
| CRPL | Create Security Policy | dbname: database_name objname: policy_name |
| CRPT | Decryption Failure or Attempt | dbname: database_name objname: statement |
| CRRL | Create Role | dbname: database_name objname: rolename |
| CRRT | Create Named Row Type | dbname: database_name tabid: row_type_xid objname: named_row_type_name login: named_row_type_owner |
| CRSN | Create Synonym | dbname: database_name tabid: synonym_table_id extra_1: base_table_id login: owner flags: synonym_type7 extra_2: synonym_name |
| CRSP | Create SPL Routine | dbname: database_name tabid: proc_id login: owner extra_2: procedure_name |
| CRSQ | Create Sequence | dbname: database_name tabid: table_id objname: owner |
| CRTB | Create Table | dbname: database_name tabid: table_id objname: owner login: table_name flags: frag_flags15 extra_2: dbspace_list |
| CRTR | Create Trigger | dbname: database_name tabid: table_id row_num: trigger_id14 login: owner14 extra_2: trigger_name14 |
| CRTX | Create trusted context | dbname: database_name objname: context_name login: system_authorization_id |
| CRUR | Create User | objname: user_name |
| CRVW | Create View | dbname: database_name tabid: view_table_id login: owner extra_2: view_name |
| CRXD | Create XADatasource | dbname: database_name objname: owner objname: XA_data_source_name |
| CRXT | Create XADatasource Type | dbname: database_name objname: owner objname: XA_data_source_type_name |
| DLRW | Delete Row | dbname: database_name tabid: table_id extra_1: part_number partno: frag_id row_num: row_number14 |
| DNCK | Bring Chunk Offline | extra_1: chunk_number flags: mirror_status1 |
| DNDM | Disable Disk Mirroring | extra_1: dbspace_number |
| DRAG | Drop Aggregate | dbname: database_name objname: aggregate_name login: owner |
| DRAM | Delete Audit Mask | login: user_id |
| DRBS | Drop Storage Space | dbname: storage_space_name |
| DRCK | Drop Chunk | dbname: dbspace_name flags: mirror_status1 extra_2: path |
| DRCT | Drop Cast | dbname: database_name tabid: from_type_ID extra_1: from_type_xid partno: to_type_ID row_num: to_type_xid |
| DRDB | Drop Database | dbname: database_name |
| DRDS | Drop Dbspace | dbname: dbspace_name |
| DRIX | Drop Index | dbname: database_name tabid: table_id login: owner extra_2: index_name |
| DRLB | Drop Security Label | dbname: database_name objname: policy.label_name |
| DRLC | Drop Security Label Component | dbname: database_name objname: component_name |
| DRLG | Drop Transaction Log | extra_1: log_number |
| DRME | Drop Access Method | dbname: database_name tabid: access_method_ID objname: access_method_name login: access_method_owner |
| DROC | Drop Operator Class | dbname: database_name objname: operator_class_name login: owner |
| DROP | Drop Optical Cluster | dbname: database_name login: owner extra_2: cluster_name |
| DRPL | Drop Security Policy | dbname: database_name objname: policy_name |
| DRRL | Drop Role | dbname: database_name objname: role_name |
| DRRT | Drop Named Row Type | dbname: database_name tabid: dropped_type_xid |
| DRSN | Drop Synonym | dbname: database_name tabid: synonym_table_id login: owner extra_2: synonym_name |
| DRSP | Drop SPL Routine | dbname: database_name login: owner extra_2: spname |
| DRSQ | Drop Sequence | dbname: database_name tabid: table_id |
| DRTB | Drop Table | dbname: database_name tabid: table_id objname: table_name login: owner flags: drop_flags21 extra_2: part_number_list |
| DRTR | Drop Trigger | dbname: database_name row_num: trigger_id login: owner extra_2: trigger_name |
| DRUR | Drop User | objname: user_name |
| DRTX | Drop trusted context | objname: context_name |
| DRTY | Drop Type | dbname: database_name objname: type_name login: type_owner |
| DRVW | Drop View | dbname: database_name tabid: view_table_id flags: drop_flags21 |
| DRXD | Drop XADatasource | dbname: database_name objname: owner objname: XA_data_source_name |
| DRXT | Drop XADatasource Type | dbname: database_name objname: owner objname: XA_data_source_type_name |
| EXSP | Execute SPL Routine | dbname: database_name tabid: proc_id |
| GRDB | Grant Database Access | dbname: database_name extra_1: privilege5 extra_2: grantees4 |
| GRDR | Grant Default Role | dbname: database_name objname: role_name login:grantor extra_2: grantees4 |
| GRFR | Grant Fragment Access | dbname: database_name tabid: table_id objname: fragment extra_1: privilege5, 14 login: grantor extra_2: grantees4, 14 |
| GRLB | Grant Security Label | dbname: database_name objname: policy.label_name login: grantee4 extra_2: access_type |
| GRRL | Grant Role | dbname: database_name objname: role_name login: grantor extra_2: grantees4 |
| GRSA | Grant DBSECADM | login: grantee |
| GRSS | Grant SETSESSIONAUTH | dbname: database_name login: grantee extra_2: surrogate_user_list |
| GRTB | Grant Table Access | dbname: database_name tabid: table_id extra_1: privilege5, 14 login: grantor extra_2: grantee4, 14, update_columns, select_columns4, 14 |
| GRXM | Grant Exemption | dbname: database_name objname: policy_name login: grantee extra_2: rule |
| INRW | Insert Row | dbname: database_name tabid: table_id partno: frag_id row_num: row_id |
| LGDB | Change Database Log Mode | dbname: database_name flags: log_status6 |
| LKTB | Lock Table | dbname: database_name tabid: table_id flags: lock_mode8 |
| LSAM | List Audit Masks | none |
| LSDB | List Databases | none |
| MDLG | Modify Transaction Logging | flags: buffered_log_flags2 |
| ONAU | onaudit | extra_2: command_line |
| ONBR | onbar | extra_2: command_line |
| ONCH | oncheck | extra_2: command_line |
| ONIN | oninit | extra_2: command_line |
| ONLG | onlog | extra_2: command_line |
| ONLO | onload | extra_2: command_line |
| ONMN | onmonitor | extra_2: command_line |
| ONMO | onmode | extra_2: command_line |
| ONPA | onparams | extra_2: command_line |
| ONPL | onpload | extra_2: command_line |
| ONSP | onspaces | extra_2: command_line |
| ONST | onstat | extra_2: command_line |
| ONTP | ontape | extra_2: command_line |
| ONUL | onunload | extra_2: command_line |
| OPDB | Open Database | dbname: database_name flags: exclusive_flag extra_2: database_password |
| OPST | Optimize Storage | fragment <parameters>: part_numbers table <parameters>: table_name:database_name:owner_name compression purge_dictionary: date |
| PWUR | Set User Password | objname: user_name |
| RBSV | Rollback to Savepoint | dbname: database_name extra_1: transaction_id objname: savepoint_name |
| RDRW | Read Row | dbname: database_name tabid: table_id extra_1: part_number partno: frag_id row_num: row_id14 |
| RLOP | Release Optical Cluster | dbname: family_name row_num: volume_number |
| RLSV | Release Savepoint | dbname: database_name extra_1: transaction_id objname: savepoint_name |
| RLTX | Rollback Transaction | none |
| RMCK | Clear Mirrored Chunks | extra_1: dbspace_number |
| RNUR | Rename User | objname: old_user_name extra_2: new_user_name |
| RNDB | Rename Database | dbname: database_name objname: new_dbname login: user_id |
| RNDS | Rename dbspace | dbname: dbspace_name objname: new_dbspace_name |
| RNIX | Rename Index | dbname: index_name objname: new_index_name |
| RNLB | Rename Security Label | dbname: database_name objname: old_policy.label_name extra_2: new_policy.label_name |
| RNLC | Rename Security Label Component | dbname: database_name objname: old_component_name extra_2: new_component_name |
| RNPL | Rename Security Policy | dbname: database_name objname: old_policy_name extra_2: new_policy_name |
| RNSQ | Rename Sequence | dbname: database_name tabid: table_id |
| RNTC | Rename Table/Column | dbname: database_name tabid: table_id objname: new_table/column_name extra_1: colno(*) login: owner extra_2: table_name(**) |
| RNTX | Rename trusted context | objname: context_name extra_2: new_context name |
| RSOP | Reserve Optical Cluster | dbname: family_name row_num: volume_number |
| RVDB | Revoke Database Access | dbname: database_name extra_1: privilege5 extra_2: revokees4 |
| RVDR | Revoke Default Role | dbname: database_name objname: role_name login: revoker extra_2: revokees4 |
| RVFR | Revoke Fragment Access | dbname: database_name tabid: table_id objname: fragment extra_1: privilege5, 14 login: revoker extra_2: revokees4, 14 |
| RVLB | Revoke Security Label | dbname: database_name objname: policy.label_name login: grantee extra_2: access_type |
| RVRL | Revoke Role | dbname: database_name objname: role_name login: revoker extra_2: revokees4 |
| RVSA | Revoke DBSECADM | login: grantee |
| RVSS | Revoke SETSESSIONAUTH | dbname: database_name login: grantee extra_2: surrogate_user_list |
| RVTB | Revoke Table Access | dbname: database_name tabid: table_id extra_1: privilege5, 14 login: revoker flags: drop_flags21 extra_2: revokees4, 14 |
| RVXM | Revoke Exemption | dbname: database_name objname: policy_name login: grantee extra_2: rule |
| SCSP | System Command, SPL Routine | extra_2: command_string |
| STCO | Set Collation | dbname: database_name objname: locale_name |
| STCN | Set Constraint | dbname: database_name flags: constraint_mode11 extra_2: constraint_names |
| STDF | Set Debug File | dbname: database_name extra_2: file_path |
| STDP | Set Database Password | dbname: database_name login: user_id |
| STDS | Set Dataskip | flags: skip flags16 extra_2: dbspace_list |
| STEP | Set Encryption Password | dbname: database_name |
| STEV | Set Environment | objname: environment_variable_and_value |
| STEX | Set Explain | flags: explain_flags12 |
| STIL | Set Isolation Level | extra_1: isolation_level3 |
| STLM | Set Lock Mode | flags: wait_flags13 |
| STNC | Set No Collation | dbname: database_name objname: locale_name |
| STOM | Set Object Mode | dbname: database_name tabid: table_id extra_1: command_mode_flag22 flags: object_type_flag23 extra_2: object_names |
| STOP | Stop Violations | dbname: database_name tabid: table_id |
| STPR | Set Pdqpriority | flags: priority_level17 |
| STRL | Set Role | dbname: database_name objname: role_name |
| STRS | Set Resident | dbname: database_name objname: fragment_list extra_1: fragment_information |
| STRT | Start Violations | dbname: database_name tabid: table_id extra_1: Vio_tid flags: Dia_tid |
| STSA | Set Session Authorization | dbname: database_name login: new_user_name |
| STSC | Set Statement Cache | objname: statement_name |
| STSN | Start New Session | none |
| STSV | Set Savepoint | dbname: database_name extra_1: transaction_id objname: savepoint_name |
| STTX | Set Transaction Mode | extra_1: operation20 flags: mode_flags19 extra_2: |
| SVXD | Save External Directives | dbname: database_name objname: active/inactive/test objname: directive_text |
| TCTB | Truncate Table | dbname: database_name tabid: table_id objname: table_name |
| TMOP | Time Optical Cluster | flags: time flag13 |
| ULTB | Unlock Table | dbname: database_name tabid: table_id |
| UPAM | Update Audit Mask | login: user id |
| UPCK | Bring Chunk Online | extra_1: chunk_number flags: mirror_status1 |
| UPDM | Enable Disk Mirroring | extra_1: dbspace_number |
| UPRW | Update Current® Row | dbname: database_name tabid: table_id extra_1: old_part_number row_num: old_row_id14 flags: new_row_id extra_2: new_part_number |
| USSP | Update Statistics, SPL Routine | dbname: database_name tabid: proc_id |
| USTB | Update Statistics, Table | dbname: database_name tabid: table_id |
Notes®
- Mirror Status:
- 0
- Not mirrored
- 1
- Mirrored
- Buffered Log Flag:
- 0
- Buffering turned off
- 1
- Buffering turned on
- Isolation Level:
- 0
- No transactions
- 1
- Dirty Read
- 2
- Committed Read
- 3
- Cursor Stability
- 5
- Repeatable Read
- Grantees, Revokees, Select Columns, Update Columns:
These can be lists of comma-separated names. If longer than 166 bytes, the audit processing described in Audit analysis with SQL truncates the lists to 166 bytes.
- Database Privileges:
Table-Level Privileges:
- 1
- Select
- 2
- Insert
- 4
- Delete
- 8
- Update
- 16
- Alter
- 32
- Index
- 64
- Reference
- 4096
- Execute Procedure (When Grant privilege is executed. tabid is the procedure ID.)
Database-Level Privileges:
- 256
- Connect
- 512
- DBA
- 1024
- Resource
- Log Status:
- 1
- Logging on
- 2
- Buffered logging
- 4
- ANSI-compliant
- Synonym Type:
- 0
- Private
- 1
- Public
- Lock Mode:
- 0
- Exclusive
- 1
- Shared
- Cluster Flag:
- 0
- Not cluster
- 1
- Cluster
- Chunk Flag:
- 0
- Check root reserve size
- 1
- Check entire chunk
- <0
- Check silently
- Constraint Mode:
- 0
- Deferred
- 1
- Immediate
- Explain Flag:
- 0
- Explain turned off
- 1
- Explain turned on
- Wait Flag:
- -1
- Wait forever
- 0
- Do not wait
- >0
- Waiting period (in seconds)
- If the user request is turned down because of the authorization, those fields are either 0 or blank, depending on the data type.
- Fragmentation (frag) Flag:
- 0
- Not fragmented
- 1
- In dbspace
- 2
- Fragment by round robin
- 4
- Fragment by expression
- 8
- Fragment same as table
- Skip Flag:
- 0
- DATASKIP for all the dbspaces is turned OFF
- 1
- DATASKIP for the following dbspaces is turned ON
- 2
- DATASKIP for all the dbspaces is turned ON
- 3
- DATASKIP is set to the default
- Priority Level:
- -1
- PDQPRIORITY is set to the default
- 0
- PDQPRIORITY is turned OFF
- 1
- PDQPRIORITY is LOW
- 100
- PDQPRIORITY is HIGH
- n
- any other positive integer less than 100 that the user entered in the SET PDQPRIORITY statement
- Operation Type:
- 4
- Add a new fragment
- 8
- Modify fragmentation
- 16
- Drop a fragment
- 32
- Initialize fragmentation
- 64
- Attach table(s)
- 128
- Detach fragment
- Mode Flag:
- 0
- Read/Write if operation is Set Access Mode; Dirty Read if operation is Set Isolation Level
- 1
- Read-only if operation is Set Access Mode; Committed Read if operation is Set Isolation Level
- 2
- Cursor Stability
- 3
- Repeatable Read
- Operation:
- 0
- Set Access Mode
- 1
- Set Isolation Level
- Dropflags:
- 0
- Cascade
- 1
- Restrict
- Command Mode Flag:
- 1
- Disabled
- 2
- Filtering without error
- 4
- Filtering with error
- 8
- Enabled
- Object Type Flag:
- 1
- Constraint
- 2
- Index
- 3
- Constraints and indexes
- 4
- Trigger
- 5
- Triggers and constraints
- 6
- Triggers and indexes
- 7
- All