SAF-controlled auditing without SYS1.PARMLIB

You need to define an enabling SAF facility profile as described below:

Define SAF facility profile


FILEM.SAFAUDIT.BASE

and ensure that all File Manager Base users to be audited have at least read access to that facility. See the example below.

Example

User PROD2 to have SAF-rule controlled auditing without using SYS1.PARMLIB.

Write this RACF® rule:


RDEF FACILITY FILEM.SAFAUDIT.BASE AUDIT(NONE) UACC(NONE) OWNER(ownerid)
PE FILEM.SAFAUDIT.BASE ACC(READ) ID(PROD2) CLASS(FACILITY)

If you use this method and intend to write audit records to SMF, the required SMF number is specified in the FMN0POPT module. See Customizing File Manager to write audit records to SMF for more information.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the IBM Software Support site.