SOX Auditing of STRSQL and RUNSQLSTM Commands

IBM i 6.1 can now track SQL use specific to the Start SQL Interactive Session and Run SQL Statements commands

IBM i 6.1 can now track SQL use specific to the Start SQL Interactive Session and Run SQL Statements commands

Pick up a newspaper, tune in a radio station or be so bold as to read the news online and you can’t help but be aware that individuals, businesses and governments need to improve user tracking and accountability. The Sarbanes-Oxley Act (SOX) has spurred public companies to enact policies and processes to satisfy the SOX requirements of corporate and auditing accountability. Privately held companies, while not directly covered by SOX, have had a similar emphasis on tracking and justifying their business processes.

DB2* for IBM i customers have long enjoyed the Start SQL Interactive Session (STRSQL) command interface for the execution of SQL statements. Even though DB2 for i has a robust set of security controls to adequately restrict the use of STRSQL and database objects, users still need to track STRSQL for accountability.

This article explains how IBM i 6.1 has been improved to provide the capability to track SQL use specific to the STRSQL and Run SQL Statements (RUNSQLSTM) commands.

Common Setup and Challenge

A vast array of interfaces are available to DB2 for i customers for the execution of SQL statements. Most companies have a well-thought-out and implemented security strategy to limit the interface use to certain users. For example, some customers have chosen to limit WebSphere* Development Studio (5761-WDS) installations to only a few machines used for product builds. This licensed program includes the Integrated Language Environment (ILE) compiler commands, which can be used to create modules, programs and service programs. When the use of the licensed program is limited to certain machines, it becomes much easier to control.

By providing default values within the SQL client special registers, you’ll be able to see the value when using Navigator’s SQL Details for jobs.

Scott Forstie is a senior software engineer at IBM. He can be reached at

comments powered by Disqus



2017 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

Untangling Web Query

How metadata can reduce query and report complexity

Protection From Slow Queries

Introducing DB2 for i Adaptive Query Processing

Intelligent Queries

DB2 for i Learning Statistics Engine works smarter

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters