Alternatives for controlling FM/IMS auditing

FM/IMS auditing is an optional facility. There is no requirement to implement it and FM/IMS works if auditing is not implemented. You should consider:

  • Whether user access to IMS databases using File Manager IMS component requires auditing.
  • The information that File Manager audit log records can provide.
  • The information that File Manager audit log records cannot provide, and possible alternatives to obtaining that information.
  • If you do decide to use File Manager auditing, how you will handle any issues associated with large audit log data sets, or additional SMF records.
  • How you will use the information provided by File Manager audit log records.

If your site requires a record of a user's read access to IMS databases, an external security product such as RACF® can be configured to log access by some or all users, and may be a better alternative.

File Manager audit of read access to IMS data does not write audit log records for every segment processed, rather the name of the database and how many segments were processed are written to the audit log.

File Manager audit of changes to IMS data typically writes two log records, a before and after image of the segment that was changed. If you intend to log update changes to IMS databases that are subject to heavy update activity you need to consider the performance impact of writing many audit log records, also the size of any audit log data sets that may be produced

You have two choices as to how you control auditing of FM/IMS activities:

Use FMN1POPT controlled audit logging
This was the original method of controlling auditing and as such only provides limited functionality.

With this method, you control audit logging by specifying the required audit settings in the FM/IMS installation options module.

These points summarize the facilities available with FMN1POPT controlled auditing:

  • The FM/IMS Edit function provides audit logging support, but the other FM/IMS functions do not create audit trails.
  • You can specify different audit settings (such as whether or not auditing is required) for each IMS subsystem that FM/IMS accesses.
  • The audit settings specified for any IMS subsystem apply equally to all FM/IMS users accessing that IMS subsystem.
  • The audit settings specified for any IMS subsystem apply equally to all databases within that IMS subsystem.
  • The Create audit trail option on the Edit Entry panel allows users to request audit logging of their Edit sessions when audit logging is not required.
  • You can specify audit logging to SMF or to the user's audit log data set, but this is an installation-wide setting and you can only get logging to both the user's log data set and SMF if you specify logging to SMF and you request that the audit log is printed at the end of the Edit session.
Use System Authorization Facility (SAF) controlled audit logging
With this method, audit logging is controlled by RACF® (or an equivalent security product) and FACILITY and XFACILIT class profiles that you define.

These points summarize the facilities available with SAF-rule controlled auditing:

  • All FM/IMS functions that access IMS databases provide audit logging support.
  • You can specify different audit settings (such as whether or not auditing is required) for each IMS subsystem that FM/IMS accesses.
  • You can specify different audit settings for different FM/IMS users.
  • You can specify different audit settings for different databases.
  • You can specify different audit settings for each FM/IMS function.
  • You can control whether or not the Create audit trail option on the Edit Entry can be used:
    • To request an audit trail when one is not required.
    • To stop an audit trail being created when one is required.
  • You can specify audit logging to SMF, to the user's audit log data set or, for Edit and Browse only, to the user's audit log data set with automatic (mandatory) printing of the audit log at the end of the session. You can also specify dual logging (to the user's audit log data set and to SMF).
Some other points to consider are:
  • Audit logging to SMF requires additional set-up, but provides a more reliable and secure environment for capturing audit information than audit logging to the user's audit log data set.
  • If an attempt to write an audit log record to SMF or the user's log data set fails, the FM/IMS function terminates.
  • If you implement SAF-rule controlled auditing you need to decide how File Manager auditing will be enabled. This is described in more detail in Customizing the File Manager audit facility for IMS component. There are two alternatives. One requires an enabling SAF rule and the presence of a member in SYS1.PARMLIB. The other requires an enabling SAF rule but has no requirement for a member in SYS1.PARMLIB. The use of a member in SYS1.PARMLIB provides additional facilities compared with the alternative that does not require the use of SYS1.PARMLIB. The additional facilities are documented in File Manager options specified in PARMLIB members.

When you have determined the appropriate type of auditing for your installation, follow the relevant instructions in Customizing the File Manager audit facility for IMS component.