Testing SAF-rule controlled auditing

You can test your SAF rules achieve the desired result using the following method:

  1. Select a "test" TSO logonid, for example "TEST1".
  2. Write the appropriate SAF FACILITY and XFACILIT rules for this logonid.
  3. Activate SAF auditing for logonid TEST1 using the chosen method of activating SAF-controlled auditing. See SAF-controlled auditing for Z Data Tools Db2 component.
  4. Logon using TEST1.

    From the ZDT/Db2 main menu select the Help pull-down menu, option 8 (About Db2®). This should show:

    Auditing  . . . . . : SAF-RULE CONTROLLED

    If it does not then TEST1 does not have access to the TOSMF or TODSN FACILITY rules.

  5. Test individual ZDT/Db2 functions to confirm that audit log records are written (or not) as specified in the appropriate SAF rules.
  6. When testing is complete, activate auditing for all users using your chosen method.