DB2 Audits

Kevin Arnold

DB2 Audits
Our internal audit department has asked for suggestions on how to monitor and verify DDL/DML changes to our production z/OS DB2 v8 database are being performed in an authorized manner. Obviously we have a change control process which requires appropriate signoff's. Beyond that, we produce a report based upon log files which shows what DDL/DML has been done, by whom, and when. We do not currently go back and validate that those changes were all appropriate and authorized, but will do spot checks on occasion. Our DBA's have DBADM, a couple of tech's have Install SYSADM, and we are soon to have RACF control to control special authorities. RACF will also give us reports on who used DML to update which tables. But even with this, it seems it would be pretty easy for someone to manipulate data without being detected if they chose to do so.

How do you guys do this? What reports do you use? Thanks.


CONFIDENTIALITY NOTICE: The Ohio Public Employees Retirement System intends this e-mail message, and any attachments, to be used only by the person(s) or entity to which it is addressed. This message may contain confidential and/or legally privileged information. If the reader is not the intended recipient of this message or an employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that you are prohibited from printing, copying, storing, disseminating or distributing this communication. If you received this communication in error, please delete it from your computer and notify the sender by reply e-mail.

Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". The IDUG DB2-L FAQ is at http://www.idugdb2-l.org. The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm