Controlling where FM/IMS writes audit log records
When a function in FM/IMS functions that support audit logging when audit logging is controlled by SAF accesses a given IMS™ subsystem, two profiles control where FM/IMS writes audit log records. These profiles are FILEM.AUDIT1.ssid.TOSMF and FILEM.AUDIT1.ssid.TODSN, where ssid is the IMS™ subsystem ID. Each of these profiles are discussed in turn.
- FILEM.AUDIT1.ssid.TOSMF
- This profile controls whether any audit log records that this function may create are written to SMF. If the user has no access to this profile, then the function does not write audit log records to SMF. If the user has READ (or higher) access to this profile, then any audit log records that this function may create are written to SMF.
- FILEM.AUDIT1.ssid.TODSN
- This profile controls whether any audit log records that this function may create are written to the user's audit log data set. For the Edit and Browse function, it also controls whether or not the user's audit log data set is printed at the end of the Edit/Browse session. If the user has no access to this profile, then the function does not write audit log records to the user's audit log data set. If the user has READ (or higher) access to this profile, then any audit log records that this function may create are written to the user's audit log data set. If the user has UPDATE (or higher) access to this profile, and it is the Edit or Browse function, and the function created an audit trail, then the user's audit log data set is printed at the end of the Edit/Browse session.
If the user does not have access to either of these profiles, then FM/IMS does not create an audit trail under any circumstances. So, apart from controlling where the audit log is written, these profiles can also affect whether or not an audit trail is created.
The following describes how you define these profiles to RACF®.