Controlling where Z Data Tools writes audit log records

You can use SAF to control whether Z Data Tools writes audit log records to SMF, the user's audit log data set, or to both.

Table 1 shows the SAF FACILITY class resource names used to control Z Data Tools to logging and the user's audit log data set.

Example 1

You could write the following RACF® rules:

RDEL FACILITY FILEM.AUDIT.TOSMF1
RDEL FACILITY FILEM.AUDIT.TODSN1
RDEF FACILITY FILEM.AUDIT.TOSMF UACC(NONE) OWNER(XXXXXXX)2
RDEF FACILITY FILEM.AUDIT.TODSN UACC(NONE) OWNER(XXXXXXX)3
PE FILEM.AUDIT.TOSMF ACC(READ) ID(PROD) CLASS(FACILITY)4
Explanation:
  1. Delete any existing facility rule.
  2. Define the facility rule for audit logging to SMF (TOSMF suffix). UACC(NONE) is used so that any user, for which there is no specific rule, has no access.
  3. Define the facility rule for audit logging to the user's audit log data set (TODSN suffix). UACC(NONE) is used so that any user, for which there is no specific rule, has no access.
  4. Allow logonid PROD to write audit log records (ACC(READ)) to SMF.

Example 2

You could write the following RACF rules:

RDEL FACILITY FILEM.AUDIT.TOSMF1
RDEL FACILITY FILEM.AUDIT.TODSN1
RDEF FACILITY FILEM.AUDIT.TOSMF UACC(NONE) OWNER(XXXXXXX)2
RDEF FACILITY FILEM.AUDIT.TODSN UACC(READ) OWNER(XXXXXXX)3
PE FILEM.AUDIT.TODSN ACC(UPDATE) ID(PROD1) CLASS(FACILITY)4
PE FILEM.AUDIT.TODSN ACC(UPDATE) ID(PROD2) CLASS(FACILITY)4
PE FILEM.AUDIT.TODSN ACC(UPDATE) ID(PROD3) CLASS(FACILITY)4
Explanation:
  1. Delete any existing facility rule.
  2. Define the facility rule for audit logging to SMF (TOSMF suffix). UACC(NONE) is used so that any user, for which there is no specific rule, has no access.
  3. Define the facility rule for audit logging to the user's audit log data set (TODSN suffix). UACC(READ) is used so that any user, for which there is no specific rule, has read access, and can therefore write audit log records.
  4. Allow logonids PROD1, PROD2, PROD3 to write audit log records with automatic printing of the audit report ("Demand logging") (ACC(UPDATE)), to SMF.

Example 3

You could write the following RACF rules:

RDEL FACILITY FILEM.AUDIT.TOSMF1
RDEL FACILITY FILEM.AUDIT.TODSN1
RDEF FACILITY FILEM.AUDIT.TOSMF UACC(READ) OWNER(XXXXXXX)2
RDEF FACILITY FILEM.AUDIT.TODSN UACC(READ) OWNER(XXXXXXX)3
Explanation:
  1. Delete any existing facility rule.
  2. Define the facility rule for audit logging to SMF (TOSMF suffix). UACC(READ) is used so that any user, for which there is no specific rule, has access (and can therefore write audit records to SMF).
  3. Define the facility rule for audit logging to the user's audit log data set (TODSN suffix). UACC(READ) is used so that any user, for which there is no specific rule, has access (and can therefore write audit records to the user's audit log data set).