Safeguard Audit Service Manual (G06.24+, H06.03+)
Specifying Auditing
Safeguard Audit Service Manual—520480-014
user logged on to a remote system. The process itself might be running on the
network user's system or on this system.)
NONE
No attempts to add a protection record of a given type are recorded in the current
audit file. NONE is the default value for both AUDIT-ACCESS-PASS and
AUDIT-ACCESS-FAIL.
Example
This example shows how the owner of the authorization record for OBJECTTYPE
DISKFILE can specify the auditing of all successful attempts to add protection records
for disk files:
=ALTER OBJECTTYPE DISKFILE, AUDIT-ACCESS-PASS all
How Attempts to Add Protection Records Are Audited
When an attempt is made to add a protection record, the Safeguard subsystem
performs this procedure to authorize the action and to determine if auditing is required:
1. The appropriate OBJECTTYPE record is consulted to determine whether the user
attempting to add the protection record has the required authority.
2. If the user has the required authority, the Safeguard subsystem creates the
protection record and checks the value of AUDIT-ACCESS-PASS in the
OBJECTTYPE record. If AUDIT-ACCESS-PASS is specified, the Safeguard
subsystem writes one primary audit record and one secondary audit record to the
current audit file. The secondary record contains the image of the protection record
that was added.
3. If the user is not authorized, the Safeguard subsystem issues a security violation
(error 48) and checks the value of AUDIT-ACCESS-FAIL in the OBJECTTYPE
record. If AUDIT-ACCESS-FAIL is specified, the Safeguard subsystem writes one
primary audit record and one secondary record to the current audit file. The
secondary record contains the image of the protection record that the user
attempted to add.
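
The three steps above, modeled as an added example (not Safeguard code and not from the manual) to show which attempts leave records in the audit file. The class, function, user and file names are hypothetical; ALL and NONE appear on this page, while the LOCAL and REMOTE handling is an assumption based on the attribute descriptions that this excerpt only partly shows.

```python
from dataclasses import dataclass

SECURITY_VIOLATION = 48  # error number named in step 3

@dataclass
class ObjectTypeRecord:
    """Hypothetical stand-in for an OBJECTTYPE authorization record."""
    authorized_users: set
    audit_access_pass: str = "NONE"  # NONE is the documented default
    audit_access_fail: str = "NONE"  # NONE is the documented default

def audit_applies(setting, remote):
    # Assumption: LOCAL covers local users only, REMOTE covers remote users only.
    return (setting == "ALL"
            or (setting == "REMOTE" and remote)
            or (setting == "LOCAL" and not remote))

def add_protection_record(objtype, user, remote, record_image, audit_file):
    """Return 0 on success or 48 on denial, appending audit records as in steps 2 and 3."""
    if user in objtype.authorized_users:                 # step 1: authority check
        error, outcome, setting = 0, "PASS", objtype.audit_access_pass
    else:
        error, outcome, setting = SECURITY_VIOLATION, "FAIL", objtype.audit_access_fail
    if audit_applies(setting, remote):
        audit_file.append(("primary", user, outcome))    # one primary record
        audit_file.append(("secondary", record_image))   # image of the protection record
    return error

def demo():
    audit_file = []
    image = "$DATA.PAYROLL.MASTER"                       # constructed sample value
    # Matches the page's example: AUDIT-ACCESS-PASS ALL, AUDIT-ACCESS-FAIL left at NONE.
    diskfile = ObjectTypeRecord({"SECURITY.ADMIN"}, audit_access_pass="ALL")
    ok = add_protection_record(diskfile, "SECURITY.ADMIN", False, image, audit_file)
    after_pass = len(audit_file)
    # A denied attempt returns error 48 but, with the default NONE, writes nothing.
    denied = add_protection_record(diskfile, "SALES.TEMP", True, image, audit_file)
    after_default_fail = len(audit_file)
    # With AUDIT-ACCESS-FAIL set to ALL, the same denial is recorded.
    diskfile.audit_access_fail = "ALL"
    add_protection_record(diskfile, "SALES.TEMP", True, image, audit_file)
    return ok, after_pass, denied, after_default_fail, len(audit_file)

if __name__ == "__main__":
    print(demo())
```

With AUDIT-ACCESS-FAIL left at its default, rejected attempts to add protection records leave nothing in the audit file, so both attributes need to be set when failed attempts matter for review.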