Safeguard Audit Service Manual (G06.24+, H06.03+)
SAFEART Field Descriptions
Safeguard Audit Service Manual—520480-014
7-37
User Authentication Record
PatternNumSearch
specifies the number of pattern protection records searched and discarded before
determining the outcome. This count includes the final selected pattern, if any.
Field type is unsigned integer.
PatternReductionLevel
indicates how many levels of pattern reduction were used to determine the final
pattern. Field type is enumerated. Possible values are Collation and Initial.
PatternTsEnd
indicates when the pattern search ended. Field type is timestamp.
PatternTsStart
indicates when the pattern search began. Field type is timestamp.
User Authentication Record
The Safeguard subsystem maintains an authentication record for each user and alias
on the system. Attempts to add, delete, read, or change these records might be
audited, depending on whether auditing has been specified for such events.
If auditing is specified and an attempt is made to add, delete, or read an authentication
record, a secondary record is generated that contains an image of the authentication
record.
If auditing is specified and an attempt is made to change an authentication record, a
pair of secondary records is generated. One contains an image of the record before
the attempted change, and the other contains an image of the record showing the
attempted change.
For every image of an authentication record, there is a corresponding image of an
extension to the authentication record. This extension contains additional user
attributes. For more information, see User Record Extensions
on page 7-42.
These attributes appear in the secondary text area for a user or alias authentication
record:
Aclentries
is a conditional structure that occurs only if DEFAULT-PROTECTION is defined for
the user. Each line represents a different ACL entry. The component items of each
line are described in Protection Record
on page 7-26. You cannot use these items
SET WHERE commands.
UserAuditAuthenFail
specifies conditions for auditing unsuccessful authentication attempts. This field
was previously called UserAuditAccessFail. SAFEART no longer accepts the old