Controlling whether an audit trail is created

When a function in FM/IMS functions that support audit logging when audit logging is controlled by SAF accesses a given database in a given IMS subsystem, three profiles control whether FM/IMS creates an audit trail.

These profiles are:
  • FILEM.AUDIT1.ssid.TOSMF
  • FILEM.AUDIT1.ssid.TODSN
  • FILEM.AUDIT1.ssid.fc.db
where ssid is the IMS subsystem ID, fc is the function code, and db is the database name.

The FILEM.AUDIT1.ssid.TOSMF and FILEM.AUDIT1.ssid.TODSN profiles are discussed in Controlling where FM/IMS writes audit log records where it mentions that if the user does not have access to either of these profiles, then no audit log is created under any circumstances. In the following, we assume that the user does have READ (or higher) access to one or both of these profiles.

The FILEM.AUDIT1.ssid.fc.db profile controls whether the function creates an audit trail.

If the user has no access to this profile, then the function does not create an audit trail. If the user has READ (or higher) access to this profile, then the function does create an audit trail. If the user has CONTROL (or higher) access to this profile and it is the Edit function, then the function creates an audit trail if, and only if, the user has selected the Create audit trail option on the Edit Entry panel.

The following describes how you define this profile to RACF®.