FM/Db2 auditing FACILITY and XFACILIT class resource names

These two tables (and associated tables) list FACILITY and XFACILIT class resource names and details.

Table 1. FM/Db2 auditing FACILITY class resource names

This table has three columns.

Rule Number Resource Name1 Purpose
1 <pfx>.TODSN Allows a user to write audit log records to the user's audit log data set.
2 <pfx>.TOSMF Allows a user to write audit log records to SMF.
3 <pfx>.OPTION Allows the user access to the "Create audit trail" option on selected FM/Db2 panels.
Table 2. FM/Db2 auditing XFACILIT class resource names

This table has three columns.

Rule Number Resource Name suffix2 Purpose
1 <pfx>.READ.OBJ.<object> Allows a user to write audit log records for functions that read data from the specified local object (object) in the specified Db2® system (ssid).
2 <pfx>.UPDATE.OBJ.<object> Allows a user to write audit log records for functions that change data from the specified local object (object) in the specified Db2® system (ssid).
3 <pfx>.READ.REMOBJ.<object> Allows a user to write audit log records for functions that read data from the specified remote object (object), when accessed from the specified Db2® system (ssid).
4 <pfx>.UPDATE.REMOBJ.<object> Allows a user to write audit log records for functions that update data from the specified remote object (object), when accessed from the specified Db2® system (ssid).
5 <pfx>.READ.ADHOCSQL Allows a user to write audit log records for functions that read data from some result table in the specified Db2® system (ssid).
6 <pfx>.UPDATE.ADHOCSQL Allows a user to write audit log records for functions that update data for some result table in the specified Db2® system (ssid). Alternatively, allows a user to write audit log records for SQL statements that might update data in the specified Db2® system (ssid).
7 <pfx>.OTHER.ADHOCSQL Allows a user to write audit log records for functions that issue SQL statements that are not covered by the READ or UPDATE ADHOCSQL rules, or the DDL and AUTH rules, in the specified Db2® system (ssid).
8 <pfx>.DDL.<objecttype>3 Allows a user to write audit log records for functions that issue DDL statements (such as CREATE, DROP, ALTER and RENAME) in the specified Db2® system (ssid). The type of Db2® object is specified using the <object type> suffix.
9 <pfx>.AUTH.<privilege type>4 Allows a user to write audit log records for functions that issue SQL statements (such as GRANT, REVOKE) that explicitly alter Db2® privileges in the specified Db2® system (ssid). The type of Db2® privilege is specified using the <privilege type> suffix.
10 <pfx>.DB2CMD.<command type>5 Allows a user to write audit log records for functions that issue Db2® commands in the specified Db2® system (ssid).
Table 3. Resource name suffixes for Db2® object types (DDL SQL statements)
Db2® Object Type Resource Rule Name suffix
ALIAS ALIAS
AUXILIARY TABLE AUXTABLE
DATABASE DATABASE
FUNCTION FUNCTION
GLOBAL TEMPORARY TABLE GBLTABLE
INDEX INDEX
PROCEDURE PROC
ROLE ROLE
SEQUENCE SEQUENCE
STOGROUP STOGROUP
SYNONYM SYNONYM
TABLE TABLE
TABLESPACE TBSPACE
TRIGGER TRIGGER
TRUSTED CONTEXT CONTEXT
TYPE TYPE
VIEW VIEW
Table 4. Resource name suffixes for Db2® privileges (GRANT and REVOKE SQL statements)
Db2® Authorization Type Resource Rule Name suffix
COLLECTION COLLECT
DATABASE DATABASE
TYPE TYPE
JAR JAR
FUNCTION FUNCTION
PACKAGE PACKAGE
PLAN PLAN
PROCEDURE FUNCTION
SCHEMA SCHEMA
SEQUENCE SEQUENCE
SYSTEM SYSTEM
TABLE TABLE
USE USE
Table 5. Resource name suffixes for Db2® commands
Db2® Command Resource Rule Name suffix
ACCESS ACCESS
ALTER ALTER
ARCHIVE ARCHIVE
BIND BIND
CANCEL CANCEL
DISPLAY DISPLAY
FREE FREE
MODIFY MODIFY
REBIND REBIND
RECOVER RECOVER
REFRESH REFRESH
RESET RESET
RUN RUN
SET SET
START START
STOP STOP
TERM TERM
1 The prefix <pfx> for all resource names in this table is FILEM.AUDIT2.<ssid>, where ssid is the Db2® subsystem or group ID.
2 The prefix <pfx> for all resource names in this table is FILEM.AUDIT.<ssid>, where ssid is the Db2® subsystem or group ID.