ZDT/Db2 auditing FACILITY and XFACILIT class resource names

These two tables (and associated tables) list FACILITY and XFACILIT class resource names and details.

Table 1. ZDT/Db2 auditing FACILITY class resource names

| Rule Number | Resource Name [note 1] | Purpose |
|---|---|---|
| 1 | <pfx>.TODSN | Allows a user to write audit log records to the user's audit log data set. |
| 2 | <pfx>.TOSMF | Allows a user to write audit log records to SMF. |
| 3 | <pfx>.OPTION | Allows the user access to the "Create audit trail" option on selected ZDT/Db2 panels. |

Note:
  1. The prefix <pfx> for all resource names in this table is FILEM.AUDIT2.<ssid>, where ssid is the Db2® subsystem or group ID.

Table 2. ZDT/Db2 auditing XFACILIT class resource names

| Rule Number | Resource Name suffix [note 1] | Purpose |
|---|---|---|
| 1 | <pfx>.READ.OBJ.<object> | Allows a user to write audit log records for functions that read data from the specified local object (object) in the specified Db2 system (ssid). |
| 2 | <pfx>.UPDATE.OBJ.<object> | Allows a user to write audit log records for functions that change data from the specified local object (object) in the specified Db2 system (ssid). |
| 3 | <pfx>.READ.REMOBJ.<object> | Allows a user to write audit log records for functions that read data from the specified remote object (object), when accessed from the specified Db2 system (ssid). |
| 4 | <pfx>.UPDATE.REMOBJ.<object> | Allows a user to write audit log records for functions that update data from the specified remote object (object), when accessed from the specified Db2 system (ssid). |
| 5 | <pfx>.READ.ADHOCSQL | Allows a user to write audit log records for functions that read data from some result table in the specified Db2 system (ssid). |
| 6 | <pfx>.UPDATE.ADHOCSQL | Allows a user to write audit log records for functions that update data for some result table in the specified Db2 system (ssid). Alternatively, allows a user to write audit log records for SQL statements that might update data in the specified Db2 system (ssid). |
| 7 | <pfx>.OTHER.ADHOCSQL | Allows a user to write audit log records for functions that issue SQL statements that are not covered by the READ or UPDATE ADHOCSQL rules, or the DDL and AUTH rules, in the specified Db2 system (ssid). |
| 8 | <pfx>.DDL.<object type> [note 2] | Allows a user to write audit log records for functions that issue DDL statements (such as CREATE, DROP, ALTER and RENAME) in the specified Db2 system (ssid). The type of Db2 object is specified using the <object type> suffix. |
| 9 | <pfx>.AUTH.<privilege type> [note 3] | Allows a user to write audit log records for functions that issue SQL statements (such as GRANT, REVOKE) that explicitly alter Db2 privileges in the specified Db2 system (ssid). The type of Db2 privilege is specified using the <privilege type> suffix. |
| 10 | <pfx>.DB2CMD.<command type> [note 4] | Allows a user to write audit log records for functions that issue Db2 commands in the specified Db2 system (ssid). |

Note:
  1. The prefix <pfx> for all resource names in this table is FILEM.AUDIT.<ssid>, where ssid is the Db2 subsystem or group ID.
  2. See Table 3.
  3. See Table 4.
  4. See Table 5.

Table 3. Resource name suffixes for Db2 object types (DDL SQL statements)

| Db2 Object Type | Resource Rule Name suffix |
|---|---|
| ALIAS | ALIAS |
| AUXILIARY TABLE | AUXTABLE |
| DATABASE | DATABASE |
| FUNCTION | FUNCTION |
| GLOBAL TEMPORARY TABLE | GBLTABLE |
| INDEX | INDEX |
| PROCEDURE | PROC |
| ROLE | ROLE |
| SEQUENCE | SEQUENCE |
| STOGROUP | STOGROUP |
| SYNONYM | SYNONYM |
| TABLE | TABLE |
| TABLESPACE | TBSPACE |
| TRIGGER | TRIGGER |
| TRUSTED CONTEXT | CONTEXT |
| TYPE | TYPE |
| VIEW | VIEW |

Table 4. Resource name suffixes for Db2 privileges (GRANT and REVOKE SQL statements)

| Db2 Authorization Type | Resource Rule Name suffix |
|---|---|
| COLLECTION | COLLECT |
| DATABASE | DATABASE |
| TYPE | TYPE |
| JAR | JAR |
| FUNCTION | FUNCTION |
| PACKAGE | PACKAGE |
| PLAN | PLAN |
| PROCEDURE | FUNCTION |
| SCHEMA | SCHEMA |
| SEQUENCE | SEQUENCE |
| SYSTEM | SYSTEM |
| TABLE | TABLE |
| USE | USE |

Table 5. Resource name suffixes for Db2 commands

| Db2 Command | Resource Rule Name suffix |
|---|---|
| ACCESS | ACCESS |
| ALTER | ALTER |
| ARCHIVE | ARCHIVE |
| BIND | BIND |
| CANCEL | CANCEL |
| DISPLAY | DISPLAY |
| FREE | FREE |
| MODIFY | MODIFY |
| REBIND | REBIND |
| RECOVER | RECOVER |
| REFRESH | REFRESH |
| RESET | RESET |
| RUN | RUN |
| SET | SET |
| START | START |
| STOP | STOP |
| TERM | TERM |