Accessing Files Programmer's Guide (32650-90885)
176 Chapter13
Maintaining File Security
Access Control Definition Security (ACD)
Logging begins whenever the system is rebooted; however, not all events are automatically
enabled. Some, including those listed above, are initially disabled. You can, however,
request that a new file be started.
To keep a certain type of log, the system operator or system manager must change its
status to ON (configure it) in SYSDIAG. To see log records displayed, call the LOGTOOL
utility from SYSGEN.
For a discussion of these and other logging facilities, consult these topics in Performing
System Operator Tasks: SYSDIAG, the LOGTOOL utility, and SYSGEN System Logging.
Log of password changes
System logging records when a user, group, or account password is changed by an MPE/iX
command or a utility program. This log is initially disabled (OFF).
The information recorded in this logging includes
• header
— record type
— record length
— time stamp
— job or session number
— PIN
• Log information
— the identification of the user who changed a password: job or session name, user
name, group name, and account name
— the identification of a user whose password was changed: user name, group name,
and account name whenever the affected password changes
— input logical device number from which the password was changed
— program file name from which password change was executed
— type changed: 1 = user, 2 = group, 4 = account
In this example, JOHN.PAYROLL,DOE, job or session name JREPORT, successfully changed
the account password for PAYROLL through the command excutor. The change was made
from LDEV 21.
The LOGTOOL utility formats the following layout after the standard header:
TARGET USER: TARGET GROUP:
TARGET ACCOUNT: PAYROLL TYPE CHANGED: ACCOUNT
LDEV: 21
EXECUTED FROM: CI.PUB.SYS
USER: JOHN GROUP: DOE
ACCOUNT: PAYROLL JSNAME: JREPORT