SAF rules for auditing
When auditing is determined by SAF rules:
- Auditing can be specified independently for each Db2® system accessed by FM/Db2, to either your audit log data set, to SMF, or to both destinations.
- All FM/Db2 functions that allow the execution of SQL statements are subject to audit, with the exception of SQL statements used to access the Db2® catalog tables for the internal processes of FM/Db2.
- SAF rules control if and where the Create audit trail (*) option is displayed on FM/Db2 panels. "(*)" is appended to the Create audit trail option to show auditing is under SAF control.
For select statements applying to a Db2® object, SAF rules can be specified at a Db2® object name level allowing audit for READ, UPDATE, or both types of operations. An UPDATE operation includes any SQL statement that changes Db2® data such as INSERT, DELETE, and UPDATE.