How ZDT/CICS determines whether audit log records should be written

The determination of whether audit records are to be written for a particular ZDT/CICS function and a given TSO logonid follows this three-step process:

  1. Step 1.
    • If auditing is being controlled by means of parmlib, the HFMAUDIT specification of the HFM3PARM member is used as follows.

      The FMAUDIT specification setting in the HFM3PARM member (in SYS1.PARMLIB or any other library in the logical parmlib concatenation) is the "master" switch for SAF-rule controlled auditing. Note that there are facilities available to specify different settings in the HFM3PARM member for different TSO logonids. See ZDT/CICS options specified in HFM3PARM for more information. For any given TSO logonid, there are two possibilities:

      SAF_CTRL=NO
      SAF-rule controlled auditing is not in effect. Auditing is determined by the settings in the HFM3POPT module; see Customizing the Z Data Tools audit facility for CICS component.
      SAF_CTRL=YES
      SAF-rule controlled auditing is in effect. Processing continues to Step 2.
    • If auditing is being controlled using the method which does not access the parmlib concatenation, the TSO logonid must have READ access to the SAF FACILITY rule FILEM.SAFAUDIT.CICS for processing to continue to Step 2.
  2. Step 2.

    Does the user have access to write audit records?

    This is determined by the user's access to rules 1 and 2 in Table 1; the various outcomes are summarized in Table 1.

    Table 1. Determination of a user's ability to write audit log records
    | TODSN access (1) | TOSMF access (2) | OPTION access (3) | Can write audit records? | Demand logging? | "Create audit trail" option (4) |
    |------------------|------------------|-------------------|--------------------------|-----------------|---------------------------------|
    | NONE             | NONE             | ANY               | No                       | No              | Not visible                     |
    | READ             | NONE             | NONE              | Yes, data set only       | No              | Not visible                     |
    | READ             | NONE             | READ              | Yes, data set only       | No              | Visible                         |
    | UPDATE           | NONE             | NONE              | Yes, data set only       | Yes             | Not visible                     |
    | UPDATE           | NONE             | READ              | Yes, data set only       | Yes             | Visible                         |
    | NONE             | READ             | NONE              | Yes, SMF only            | No              | Not visible                     |
    | NONE             | READ             | READ              | Yes, SMF only            | No              | Visible                         |
    | READ             | READ             | NONE              | Yes, to data set and SMF | No              | Not visible                     |
    | READ             | READ             | READ              | Yes, to data set and SMF | No              | Visible                         |
    | UPDATE           | READ             | NONE              | Yes, to data set and SMF | Yes             | Not visible                     |
    | UPDATE           | READ             | READ              | Yes, to data set and SMF | Yes             | Visible                         |

    Note:
    1. Refers to the level of access the user has to SAF FACILITY rule 1 in Table 1.
    2. Refers to the level of access the user has to SAF FACILITY rule 2 in Table 1.
    3. Refers to the level of access the user has to SAF FACILITY rule 3 in Table 1.
    4. The visibility of the "Create audit trail" option does not influence whether a user can write audit log records, although the user must have access to write audit log records (to either a data set or SMF), for the option to be visible.

    If the user does not have the ability to write audit log records, then no check of SAF resource names in Step 3 occurs.

    A user's access to write audit log records at Step 2 only indicates that auditing might occur. The final decision depends on the user's level of access to the XFACILIT resource name (or names) that apply to the particular ZDT/CICS function.

  3. Step 3.

    Does the user have access to write audit records for the current function and data set?

    The XFACILIT resource names used by ZDT/CICS to determine whether audit records should be written depend on the ZDT/CICS function being executed and the data set being accessed.

    Table 2 shows the function codes which are supported.

    Table 2. ZDT/CICS function codes that can be audited using SAF
    | Function code | Online option         | Description                    |
    |---------------|-----------------------|--------------------------------|
    | CSL           | Delete prefix command | Delete queue                   |
    | CTB           | Browse prefix command | Browse temporary storage queue |
    | CTE           | 2                     | Edit temporary storage queue   |
    | CTV           | 1                     | View temporary storage queue   |
    | CTP           | 3.2                   | Print temporary queue          |
    | CDB           | Browse prefix command | Browse transient data queue    |
    | CDE           | 2                     | Edit transient data queue      |
    | CDV           | 1                     | View transient data queue      |
    | CDP           | 3.2                   | Print transient data queue     |
    | CFB           | Browse prefix command | Browse file                    |
    | CFE           | 2                     | Edit file                      |
    | CFV           | 1                     | View file                      |
    | CFP           | 3.2                   | Print file                     |
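
The following added example (not IBM's code and not part of the original page) models Steps 1 and 2 in Python: Table 1 is written as rules rather than rows, and a constructed list of hypothetical logonids is scanned for users who reach Step 2 but cannot write audit records anywhere. The function names, dictionary keys and sample logonids are assumptions; Step 3 is not modelled because it depends on the function being executed and the data set being accessed.

```python
# Added example: models Steps 1 and 2 only; Step 3 (XFACILIT) is not modelled.
# Assumption: access levels are limited to those that appear in Table 1.
from typing import NamedTuple

class Step2(NamedTuple):
    to_dataset: bool      # may write audit records to a data set
    to_smf: bool          # may write audit records to SMF
    demand_logging: bool
    option_visible: bool  # "Create audit trail" option

def reaches_step2(parmlib, saf_ctrl="NO", facility_access="NONE"):
    """Step 1: does processing continue to Step 2 for this logonid?"""
    if parmlib:
        # SAF_CTRL=NO leaves the decision to HFM3POPT, outside this model.
        return saf_ctrl == "YES"
    # Non-parmlib method: READ access to FILEM.SAFAUDIT.CICS is required.
    return facility_access == "READ"

def step2(todsn, tosmf, option):
    """Step 2: Table 1 written as rules over the three access levels."""
    to_dataset = todsn in ("READ", "UPDATE")
    to_smf = tosmf == "READ"
    return Step2(to_dataset, to_smf,
                 demand_logging=(todsn == "UPDATE"),
                 option_visible=(option == "READ" and (to_dataset or to_smf)))

def audit_gaps(users):
    """Logonids that reach Step 2 but cannot write audit records anywhere,
    so the Step 3 resource checks never run for them."""
    gaps = []
    for u in users:
        if not reaches_step2(u["parmlib"], u.get("saf_ctrl", "NO"),
                             u.get("facility", "NONE")):
            continue
        result = step2(u["todsn"], u["tosmf"], u["option"])
        if not (result.to_dataset or result.to_smf):
            gaps.append(u["logonid"])
    return gaps

# Constructed sample input (hypothetical logonids, not from the page).
SAMPLE_USERS = [
    {"logonid": "USRA", "parmlib": True, "saf_ctrl": "YES",
     "todsn": "UPDATE", "tosmf": "READ", "option": "READ"},
    {"logonid": "USRB", "parmlib": True, "saf_ctrl": "YES",
     "todsn": "NONE", "tosmf": "NONE", "option": "READ"},
    {"logonid": "USRC", "parmlib": False, "facility": "READ",
     "todsn": "NONE", "tosmf": "READ", "option": "NONE"},
]
```

Calling `audit_gaps(SAMPLE_USERS)` lists the logonids that fall into the first row of Table 1, which is the case where no audit records are written regardless of the function being run.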