Implementing SAF-rule controlled auditing
Use the checklist shown here to implement SAF-rule controlled auditing:
- Determine the FACILITY and XFACILIT class profiles required to control FM/IMS audit logging at your installation. The information provided in this section should help you to do that:
- Determine which level of access to these profiles your users will require to meet the audit logging requirements at your installation. The information provided in these sections should help you to do that:
- Define the required profiles to RACF® or
your equivalent security product and provide users with the required
access to these profiles. The information provided in these sections
describes how you do this when using RACF®:
- FILEM.AUDIT1.ssid.TOSMF.
- FILEM.AUDIT1.ssid.TODSN.
- FILEM.AUDIT1.ssid.fc.db..
- FILEM.AUDIT1.ssid.OPTION.
If you use another security product, consult the documentation for your product.
- Activate SAF-rule controlled auditing for the user IDs that you intend to use in Step 5. The information provided in these sections describe how you do that:
- Test your configuration to ensure that audit logging occurs when, and only when, it is required.
- When you are satisfied that FM/IMS audit logging is only occurring when it should, activate SAF controlled audit logging for all FM/IMS users. The information provided in these sections describe how you do that: