Understanding how SAF controls FM/IMS audit logging

FM/IMS functions that support audit logging when audit logging is controlled by SAF lists the FM/IMS functions that can be made to create an audit trail when audit logging is controlled by SAF.

Table 1. FM/IMS functions that support audit logging when audit logging is controlled by SAF
Function code Function name Description
IB Browse Browse a database
IBB Batch Browse Read a database in batch
IE Edit Edit a database
IEB Batch Edit Edit a database in batch
ILB Load Load data into databases (batch)
IPR Print Print data from a database (batch)
IXB Extract Extract data from databases (batch)

The following describes how SAF controls FM/IMS audit logging.

When functions in FM/IMS functions that support audit logging when audit logging is controlled by SAF are started, SAF is invoked to answer these audit queries:

  • Whether audit logging is required.
  • If audit logging is required, whether audit records should be written to SMF, the user's audit log data set, or both.
  • For Edit and Browse function only, whether the user's audit log data set should be printed at the end of the Edit/Browse session.
  • For Edit function only, whether the Create audit trail option on the Edit Entry panel can be used:
    • To request an audit trail when one is not required.
    • To stop an audit trail being created when one is required.

The responses to these queries are controlled by FACILITY and XFACILIT class profiles that you define.

SAF profiles that control FM/IMS audit logging lists the profiles that control the responses when the query is from a given FM/IMS function that is being used to access a given database in a given IMS subsystem, where:
  • ssid is the IMS subsystem ID.
  • fc is the function code.
  • db is the database name.

SAF profiles that control FM/IMS audit logging lists the profile name (column 1), the class in which the profile must be defined (column 2), and what the profile controls (column 3).

Table 2. SAF profiles that control FM/IMS audit logging
SAF profile Class Description
FILEM.AUDIT1.ssid.TOSMF FACILITY Controls whether audit log records are written to SMF.
FILEM.AUDIT1.ssid.TODSN FACILITY 1. Controls whether audit log records are written to the user's audit log data set.

2. Controls whether the user's audit log data set is printed at the end of the session (for Edit and Browse function only).
FILEM.AUDIT1.ssid.OPTION FACILITY Controls whether the Create audit trail option on the Edit Entry panel can be used to request an audit trail when one is not required (Edit function only).
FILEM.AUDIT1.ssid.fc.db XFACILIT 1. Controls whether audit logging is required.

2. Controls whether the Create audit trail option on the Edit Entry panel can be used to stop an audit trail being created when one is required (Edit function only).

The following sections describe how you use these profiles to control FM/IMS audit logging and how you define these profiles to RACF®.