Controlling auditing of Z Data Tools functions

You can use SAF to control whether Z Data Tools writes audit log records for functions which access resources. Table 2 shows Z Data Tools function codes which may be logged.

Example 1

You could write the following RACF® rules:

RDEL XFACILIT FILEM.AUDIT.DSE.UPDATE.HFM.TEST.DATA1
RDEF XFACILIT FILEM.AUDIT.DSE.UPDATE.HFM.TEST.DATA OWNER(XXXXXXXX) UACC(READ)2
PE FILEM.AUDIT.DSE.UPDATE.HFM.TEST.DATA CLASS(XFACILIT) ID(MAINT1) ACC(NONE)3
Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log all modifications to data set HFM.TEST.DATA using the Z Data Tools Edit function (DSE). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any over-riding more specific rule).
  3. A specific rule for logonid MAINT1 to prevent audit log records being written.

Example 2

You could write the following RACF rules:

RDEL XFACILIT FILEM.AUDIT.DSE.ALL.HFM.TEST.DATA1
RDEF XFACILIT FILEM.AUDIT.DSE.ALL.HFM.TEST.DATA OWNER(XXXXXXXX) UACC(NONE)2
PE FILEM.AUDIT.DSE.ALL.HFM.TEST.DATA CLASS(XFACILIT) ID(SERVIC1) ACC(READ)3
Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log all records which are read or modified for data set HFM.TEST.DATA using the Z Data Tools Edit function (DSE). UACC(NONE) specifies that no TSO user IDs write audit log records (in the absence of any over-riding more specific rule).
  3. A specific rule for logonid SERVICE1 to write audit log records.

Example 3

You could write the following RACF rules:

RDEL XFACILIT FILEM.AUDIT.DSP.FUNCTION.HFM.TEST.DATA.PDS.MEM11
RDEF XFACILIT FILEM.AUDIT.DSP.FUNCTION.HFM.TEST.DATA.PDS.MEM1
     OWNER(XXXXXXXX) UACC(READ)2
Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log function information when member MEM1 in library HFM.TEST.DATA.PDS is printed using the Z Data Tools Print utility (DSP). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any over-riding more specific rule).

Example 4

You could write the following RACF rules:

RDEL XFACILIT FILEM.AUDIT.*.FUNCTION.FMN1:HFM.TEST.QUEUE1
RDEF XFACILIT FILEM.AUDIT.*.FUNCTION.FMN1:HFM.TEST.QUEUE
     OWNER(XXXXXXXX) UACC(READ)2
Explanation:
  1. Delete any existing XFACILIT rule.
  2. Define the XFACILIT rule to log function information when Websphere MQ Queue FMN1:HFM.TEST.QUEUE is accessed using any Z Data Tools function (*). UACC(READ) allows all TSO user IDs to write audit log records (in the absence of any over-riding more specific rule).