SOX Auditing of STRSQL and RUNSQLSTM Commands
IBM i 6.1 can now track SQL use specific to the Start SQL Interactive Session and Run SQL Statements commands
Pick up a newspaper, tune in a radio station or be so bold as to read the news online and you can’t help but be aware that individuals, businesses and governments need to improve user tracking and accountability. The Sarbanes-Oxley Act (SOX) has spurred public companies to enact policies and processes to satisfy the SOX requirements of corporate and auditing accountability. Privately held companies, while not directly covered by SOX, have had a similar emphasis on tracking and justifying their business processes.
DB2 for IBM i customers have long enjoyed the Start SQL Interactive Session (STRSQL) command interface for the execution of SQL statements. Even though DB2 for i has a robust set of security controls to adequately restrict the use of STRSQL and database objects, users still need to track STRSQL use for accountability.
This article explains how IBM i 6.1 has been improved to provide the capability to track SQL use specific to the STRSQL and Run SQL Statements (RUNSQLSTM) commands.
Common Setup and Challenge
A vast array of interfaces is available to DB2 for i customers for the execution of SQL statements. Most companies have a well-thought-out and implemented security strategy to limit the interface use to certain users. For example, some customers have chosen to limit WebSphere Development Studio (5761-WDS) installations to only a few machines used for product builds. This licensed program includes the Integrated Language Environment (ILE) compiler commands, which can be used to create modules, programs and service programs. When the use of the licensed program is limited to certain machines, that use becomes much easier to control.
When default values are provided within the SQL client special registers, you'll be able to see those values when using Navigator's SQL Details for jobs.