Controlling auditing of File Manager functions

You can use SAF to control whether File Manager writes audit log records for functions that access resources. The topic "File Manager function codes that can be audited using SAF" shows the File Manager function codes which may be logged.

Example 1

  • Enable audit logging of all modifications to data set FMN.TEST.DATA using the File Manager Edit function for all users except TSO logonid MAINT1.

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT.DSE.UPDATE.FMN.TEST.DATA                              /* 1 */
RDEF XFACILIT FILEM.AUDIT.DSE.UPDATE.FMN.TEST.DATA OWNER(XXXXXXXX) UACC(READ)   /* 2 */
PE FILEM.AUDIT.DSE.UPDATE.FMN.TEST.DATA CLASS(XFACILIT) ID(MAINT1) ACC(NONE)    /* 3 */

Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log all modifications to data set FMN.TEST.DATA using the File Manager Edit function (DSE). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any over-riding more specific rule).
  3. A specific rule for logonid MAINT1 to prevent audit log records being written.

Example 2

  • Enable audit logging of all records which are read or modified for data set FMN.TEST.DATA using the File Manager Edit function for user SERVIC1.

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT.DSE.ALL.FMN.TEST.DATA                              /* 1 */
RDEF XFACILIT FILEM.AUDIT.DSE.ALL.FMN.TEST.DATA OWNER(XXXXXXXX) UACC(NONE)   /* 2 */
PE FILEM.AUDIT.DSE.ALL.FMN.TEST.DATA CLASS(XFACILIT) ID(SERVIC1) ACC(READ)   /* 3 */

Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log all records which are read or modified for data set FMN.TEST.DATA using the File Manager Edit function (DSE). UACC(NONE) specifies that no TSO user IDs write audit log records (in the absence of any over-riding more specific rule).
  3. A specific rule for logonid SERVIC1 to write audit log records.

Example 3

  • Enable audit logging of functional information for member MEM1 in library FMN.TEST.DATA.PDS using the File Manager Print utility for all users.

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT.DSP.FUNCTION.FMN.TEST.DATA.PDS.MEM1   /* 1 */
RDEF XFACILIT FILEM.AUDIT.DSP.FUNCTION.FMN.TEST.DATA.PDS.MEM1 -
     OWNER(XXXXXXXX) UACC(READ)                                 /* 2 */

Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log function information when member MEM1 in library FMN.TEST.DATA.PDS is printed using the File Manager Print utility (DSP). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any over-riding more specific rule).

Example 4

  • Enable audit logging of functional information for all access to WebSphere MQ Queue FMN.TEST.QUEUE which is managed by WebSphere MQ Queue Manager FMN1 for all users.

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT.*.FUNCTION.FMN1:FMN.TEST.QUEUE   /* 1 */
RDEF XFACILIT FILEM.AUDIT.*.FUNCTION.FMN1:FMN.TEST.QUEUE -
     OWNER(XXXXXXXX) UACC(READ)                            /* 2 */

Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log function information when WebSphere MQ Queue FMN1:FMN.TEST.QUEUE is accessed using any File Manager function (*). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any over-riding more specific rule).
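
The following Python sketch is an added example, not part of File Manager or RACF. It replays the commands from Examples 1 and 2 and reports which user IDs write audit log records and which are exempted by a more specific rule. The profile layout FILEM.AUDIT.function.type.resource is inferred from the examples above, all function names are hypothetical, and generic profile matching and group permits are not modelled.

```python
import re

# Constructed input: the RACF commands of Examples 1 and 2, callout markers left out.
RULES = """\
RDEL XFACILIT FILEM.AUDIT.DSE.UPDATE.FMN.TEST.DATA
RDEF XFACILIT FILEM.AUDIT.DSE.UPDATE.FMN.TEST.DATA OWNER(XXXXXXXX) UACC(READ)
PE FILEM.AUDIT.DSE.UPDATE.FMN.TEST.DATA CLASS(XFACILIT) ID(MAINT1) ACC(NONE)
RDEL XFACILIT FILEM.AUDIT.DSE.ALL.FMN.TEST.DATA
RDEF XFACILIT FILEM.AUDIT.DSE.ALL.FMN.TEST.DATA OWNER(XXXXXXXX) UACC(NONE)
PE FILEM.AUDIT.DSE.ALL.FMN.TEST.DATA CLASS(XFACILIT) ID(SERVIC1) ACC(READ)
"""
# RACF access levels, lowest first. Assumption: audit records are written when
# the user's access to the profile is READ or higher, as the examples imply.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

def _kw(command, name):
    """Return the value of a NAME(value) operand, or None if it is absent."""
    m = re.search(rf"\b{name}\(([^)]*)\)", command)
    return m.group(1) if m else None

def _logs(access):
    """True if this access level causes audit records to be written."""
    return access in LEVELS[LEVELS.index("READ"):]

def load_rules(text):
    """Replay RDEL/RDEF/PE commands into {profile: {"uacc": ..., "permits": {...}}}."""
    profiles = {}
    for command in text.splitlines():
        words = command.split()
        if len(words) < 3:
            continue
        verb = words[0].upper()
        if verb == "RDEL":
            profiles.pop(words[2], None)
        elif verb == "RDEF":
            profiles[words[2]] = {"uacc": _kw(command, "UACC"), "permits": {}}
        elif verb == "PE" and words[1] in profiles:
            profiles[words[1]]["permits"][_kw(command, "ID")] = _kw(command, "ACC")
    return profiles

def split_profile(profile):
    """Split FILEM.AUDIT.<function>.<type>.<resource> into its last three parts."""
    first, second, function, audit_type, resource = profile.split(".", 4)
    if (first, second) != ("FILEM", "AUDIT"):
        raise ValueError(f"not a File Manager audit profile: {profile}")
    return function, audit_type, resource

def writes_audit(profiles, profile, user):
    """A user-specific permit overrides the profile's UACC."""
    rule = profiles[profile]
    return _logs(rule["permits"].get(user, rule["uacc"]))

def exemptions(profiles):
    """(profile, user) pairs where a permit switches logging off under a logging UACC."""
    return [(p, u) for p, r in profiles.items() for u, acc in r["permits"].items()
            if _logs(r["uacc"]) and not _logs(acc)]
```

Running `exemptions(load_rules(RULES))` on a site's own rule set gives a reviewer the list of user IDs whose activity is excluded from the audit log.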