MCP Security Overview and Implementation Guide
Securing Databases and ADDS Dictionaries

Protecting the Database Audit Files

Supplying a Guard File Title

You can secure the database audit files by including a guard file title in the audit trail attributes specification in the database description. Securing the database audit files prevents unauthorized access to the audit files by both database and non-database users. Unauthorized users are any users that use their own programs to read or write to the audit files.

Example

The following DASDL statement secures the audit files for an Enterprise Database Server database with a guard file titled (DBA)SECURE/AUDITTRAIL ON P:

AUDIT TRAIL (KIND=DISK, SECURITYGUARD = (DBA)SECURE/AUDITTRAIL ON P);

Guard File Contents

The contents of the guard file for the audit files should specify read and write access for the DBA and the following utilities and libraries:

SYSTEM/DMRECOVERY
SYSTEM/DMRECONFILTER
SYSTEM/DMDATARECOVERY
SYSTEM/DMUTILITY
SYSTEM/COPYAUDIT
SYSTEM/PRINTAUDIT
RECONSTRUCT/<database name>
DMSUPPORT/<database name>
RMSUPPORT/<database name>

Prev	Up	Next
Protecting the Database Data Files	Home	Logical Database Security

MCP Security Overview and Implementation GuideSecuring Databases and ADDS Dictionaries

Protecting the Database Audit Files

MCP Security Overview and Implementation Guide
Securing Databases and ADDS Dictionaries