[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: Audit of fallback/catch-all profile in STARTED class
From: Bogdan Belciu <belciu.bogdan () GMAIL ! COM>
Date: 2016-09-12 18:38:26
Message-ID: CADyF5zMTcMYcnX54S8ZfHj7nhg8bfumUBeiYa-U3yJB_UfuZxg () mail ! gmail ! com
[Download RAW message or body]
Hi Elardus,
if you see the reply on this thread of Phil Emrich I was probably wrong.
Actually I was wrong.
The AUDIT setting and the NOTIFY will do nothing for profiles in STARTED
class. The only way you can do it is to enable TRACE(YES) for this profile.
Sorry for misleading. What he said makes perfect sense, the STARTED profile
is not checked in the same way like majority of other classes. As we don't
manage the access list for STARTED profiles or care about UACC.
On Mon, Sep 12, 2016 at 4:55 PM, Elardus Engelbrecht <
elardus.engelbrecht@sita.co.za> wrote:
> Bogdan Belciu wrote:
>
> >I don't know if I understood exactly what you want to do
>
> Understood. In short, I want to know about STCs which are still
> active/alive/running, but is using that wretched ** STARTED profile.
>
> I do not want to know about typos , 91x abends and JCL errors, etc.
>
>
> >but you can set AUDIT(ALL(READ)) to STARTED * or ** profile
>
> Good idea! I have done that now. I have now put UAUDIT to that owner and
> have already setup a daily audit report for usage of that id+group.
>
>
> > ... and to receive the notifications directly when you logon if the
> profile was used you can also set NOTIFY(yourID) to that STARTED * profile.
>
> I will give it a try, but I believe I may get too many false alerts. [1]
>
>
> >I don't think RACF makes any difference if the stc actually started or
> not.. maybe more complex process can be set in place for this but I am not
> aware if this.
>
> Indeed and I am now trying to see what I can do.
>
> Many thanks for your good suggestions! Much appreciated.
>
> Groete / Greetings
> Elardus Engelbrecht
>
> [1] - I see also 'Profile usage information' in zSecure, but I had to
> research that ...
>
--
Best Regards,
Bogdan Belciu
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic