SAF-controlled auditing using SYS1.PARMLIB
You need to define an enabling SAF facility profile as described below:
FILEM.PARMLIB.DB2
and ensure all File Manager Db2® users
to be audited have at least read access to that facility. See the
example below: Example
User PROD1 to have SAF-rule controlled auditing using SYS1.PARMLIB.
Write this RACF® rule:
RDEF FACILITY FILEM.PARMLIB.DB2 AUDIT(NONE) UACC(NONE) OWNER(ownerid)
PE FILEM.PARMLIB.DB2 ACC(READ) ID(PROD1) CLASS(FACILITY)
Add member FMN2PARM to SYS1.PARMLIB (or any other library in the logical parmlib concatenation). Defining the FMN2PARM member.
Once the above SAF rule is defined and activated, auditing for File Manager Db2® component users is controlled by the FMAUDIT parameter in the FMN2PARM member. See FM/Db2 options specified in FMN2PARM for more information. If audit log records are to be written to SMF, the SMF record number is specified as an FMAUDIT parameter option. See FMAUDIT, and SMF_NO.
If SAF processing is not active, or the rule is not defined, or the rule is defined and the user has no access, then no parmlib processing is performed.