Controlling auditing of FM/CICS functions

You can use SAF to control whether FM/CICS writes audit log records for functions that access resources. "FM/CICS function codes that can be audited using SAF" shows the FM/CICS function codes which may be logged.

Example 1

  • Enable audit logging of all modifications to temporary storage queue TS01 using the FM/CICS temporary storage queue edit function for all users except TSO logonid MAINT1.

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT3.CICSAPLD.CTE.UPDATE.TS01
RDEF XFACILIT FILEM.AUDIT3.CICSAPLD.CTE.UPDATE.TS01 OWNER(XXXXXXXX) UACC(READ)
PE FILEM.AUDIT3.CICSAPLD.CTE.UPDATE.TS01 CLASS(XFACILIT) ID(MAINT1) ACC(NONE)
Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log all modifications to temporary storage queue TS01 using the FM/CICS temporary storage queue edit function (CTE). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any overriding, more specific rule).
  3. A specific rule for logonid MAINT1 to prevent audit log records being written.
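
As an added example (not part of the original documentation), the following Python sketch checks a set of these commands before they are run: it flags any PERMIT whose profile name does not match a profile defined by RDEF, and reports whether a given user would have audit records written. The function names and the sample input are assumptions; the sample is constructed from Example 1 with the PERMIT qualifiers deliberately transposed.

```python
import re

# Constructed sample: the Example 1 commands, with the qualifiers in the
# PERMIT deliberately transposed so that it names a profile RDEF never defined.
SAMPLE = """\
RDEL XFACILIT FILEM.AUDIT3.CICSAPLD.CTE.UPDATE.TS01
RDEF XFACILIT FILEM.AUDIT3.CICSAPLD.CTE.UPDATE.TS01 OWNER(XXXXXXXX) UACC(READ)
PE FILEM.AUDIT3.CTE.UPDATE.CICSAPLD.TS01 CLASS(XFACILIT) ID(MAINT1) ACC(NONE)
"""

def parse(text):
    """Return (UACC by profile, access by (profile, user), unmatched PERMIT profiles)."""
    uacc, permits, unmatched = {}, {}, []
    for line in text.upper().splitlines():
        words = line.split()
        if not words:
            continue
        kw = dict(re.findall(r"(\w+)\(([^)]*)\)", line))
        if words[0] in ("RDEF", "RDEFINE") and len(words) > 2:
            # Assumption of this sketch: a missing UACC is treated as NONE.
            uacc[words[2]] = kw.get("UACC", "NONE")
        elif words[0] in ("PE", "PERMIT") and len(words) > 1:
            if words[1] not in uacc:
                unmatched.append(words[1])  # PERMIT names an undefined profile
            else:
                permits[(words[1], kw.get("ID"))] = kw.get("ACC") or kw.get("ACCESS")
    return uacc, permits, unmatched

def audited(uacc, permits, profile, user):
    """True if audit records are written for this user: a PERMIT entry for the
    user overrides UACC; READ enables logging and NONE suppresses it."""
    p, u = profile.upper(), user.upper()
    access = permits.get((p, u), uacc.get(p, "NONE"))
    return access != "NONE"

if __name__ == "__main__":
    profile = "FILEM.AUDIT3.CICSAPLD.CTE.UPDATE.TS01"
    uacc, permits, unmatched = parse(SAMPLE)
    print("PERMIT with no matching RDEF:", unmatched)
    print("MAINT1 audited:", audited(uacc, permits, profile, "MAINT1"))
```

With the transposed name the exclusion for MAINT1 never attaches to the audit profile, so MAINT1 is still logged under UACC(READ); with matching names the exclusion takes effect.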

Example 2

  • Enable audit logging of all modifications together with all records read for transient data set TD01 using the FM/CICS transient data queue edit function (CDE) for user SERVIC1.

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT3.CICSAPLD.CDE.ALL.TD01
RDEF XFACILIT FILEM.AUDIT3.CICSAPLD.CDE.ALL.TD01 OWNER(XXXXXXXX) UACC(NONE)
PE FILEM.AUDIT3.CICSAPLD.CDE.ALL.TD01 CLASS(XFACILIT) ID(SERVIC1) ACC(READ)
Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log all modifications and all records read for transient data queue TD01 using the FM/CICS transient data queue edit function (CDE). UACC(NONE) specifies that no TSO user IDs write audit log records (in the absence of any overriding, more specific rule).
  3. A specific rule for logonid SERVIC1 to write audit log records.

Example 3

  • Enable audit logging of functional information for data set FMN.CICS.KSDS using the FM/CICS file print utility for all users.

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT3.CICSAPLD.CFP.FUNCTION.FMN.CICS.KSDS
RDEF XFACILIT FILEM.AUDIT3.CICSAPLD.CFP.FUNCTION.FMN.CICS.KSDS OWNER(XXXXXXXX) UACC(READ)
Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log function information when data set FMN.CICS.KSDS is printed using the FM/CICS file print utility (CFP). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any overriding, more specific rule).