IBM OS/390 Server User Manual


 
Chapter 8. Auditing Considerations
This section summarizes the changes to auditing procedures for SMF records.
SMF Records
Figure 12 summarizes changes to SMF records created by RACF for OS/390
Release 4. These changes are general-use programming interfaces (GUPI).
For more information on SMF records, see
OS/390 Security Server (RACF) Macros
and Interfaces
.
The RACF/DB2 external security module can be used to protect DB2 objects using
RACF profiles. If your installation chooses to use this function, RACF SMF Type 80
records can be used to audit access attempts to DB2 data and resources. For more
information on auditing for the RACF/DB2 external security module, see
OS/390
Security Server (RACF) Auditor's Guide
.
Figure 12. Changes to SMF Records
Record
Type
Record
Field Description of Change Support
80 SMF80DTA When program control through system
ID is operating, a new bit is defined in
an existing relocate section for SMF
TYPE80 records written by the
PERMIT command. The relocate
section is data type 39 (X'27'), and the
new bit indicates that the conditional
entity type is SYSID.
Program control
through system
ID
80 SMF80DA2 This record with a ck_priv event code
is written when an authorization check
is done for a superuser. The record
contains the audit function code to
indicate that the ck_priv callable
service was called from spawn
(IRRSPK00).
OpenEdition
auditing of
superuser use
Copyright IBM Corp. 1994, 1997 33