Understanding how SAF controls ZDT/IMS audit logging

Table 1 lists the ZDT/IMS functions that can be made to create an audit trail when audit logging is controlled by SAF.

Table 1. ZDT/IMS functions that support audit logging when audit logging is controlled by SAF
Function code Function name Description
IB Browse Browse a database
IBB Batch Browse Read a database in batch
IE Edit Edit a database
IEB Batch Edit Edit a database in batch
ILB Load Load data into databases (batch)
IPR Print Print data from a database (batch)
IXB Extract Extract data from databases (batch)

The following describes how SAF controls ZDT/IMS audit logging.

When functions in Table 1 are started, SAF is invoked to answer these audit queries:

The responses to these queries are controlled by FACILITY and XFACILIT class profiles that you define.

Table 2 lists the profiles that control the responses when the query is from a given ZDT/IMS function that is being used to access a given database in a given IMS™ subsystem, where:
  • ssid is the IMS subsystem ID.
  • fc is the function code.
  • db is the database name.

Table 2 lists the profile name (column 1), the class in which the profile must be defined (column 2), and what the profile controls (column 3).

Table 2. SAF profiles that control ZDT/IMS audit logging
SAF profile Class Description
FILEM.AUDIT1.ssid.TOSMF FACILITY Controls whether or not audit log records are written to SMF.
FILEM.AUDIT1.ssid.TODSN FACILITY 1. Controls whether or not audit log records are written to the user's audit log data set.

2. Controls whether or not the user's audit log data set is printed at the end of the session (for Edit and Browse function only).

FILEM.AUDIT1.ssid.OPTION FACILITY Controls whether or not the Create audit trail option on the Edit Entry panel can be used to request an audit trail when one is not required (Edit function only).
FILEM.AUDIT1.ssid.fc.db XFACILIT 1. Controls whether or not audit logging is required.

2. Controls whether or not the Create audit trail option on the Edit Entry panel can be used to stop an audit trail being created when one is required (Edit function only).

The following sections describe how you use these profiles to control ZDT/IMS audit logging and how you define these profiles to RACF®.