Several other audit journal entry types can also help you debug issues or help you verify that processes are being followed when it comes to objects. These include OW (Ownership Changes), CA (Authority Changes), CO (Creation of Objects), and DO (Deletion of Objects). How you use these are limited only by your imagination, but here’s an example of each to get you started.
Perhaps your earlier analysis via OBJECT_STATISTICS showed that one or more objects weren’t owned correctly and you need to determine who changed the ownership and when. To determine that, use the OW audit journal entry. (To generate these entries, either *SECRUN or *SECURITY must be specified in the QAUDLVL system value.) Of course, the change would have had to happen within the timeframe of the audit journal receivers that you have on the system, but assuming that’s the case, this will give you the information you need. The following lists the entries where the previous owner is PROD_OWNER but was changed within the last week.
As with ownership changes, if authorities are changed, you’ll want to know. I didn’t discuss this for the OW entries, but you’ll typically want to narrow down your search because the operating system generates OW and CA entries every time you create an object. In other words, there are lots of OW and CA entries and you won’t want to wade through them all to get to the information you’re looking for. (To generate CA audit entries, you’ll have to include either *SECRUN or *SECURITY in the QAUDLVL system value.)
The following will list the changes to authority for objects in the PROD_LIB for all profiles except the profile running the change-management process. Most organizations that I’ve worked with want authorities configured such that developers can’t change authority to production objects. All changes should come through an approved change-management process; therefore, you probably don’t want to list the changes made by the change-management software. I strive to eliminate “known” or “approved” entries and focus on the exceptions so that it’s easier to identify things that shouldn’t have occurred, so I’ve eliminated the authority changes made by the profile running change management.