Safeguard Audit Service Manual (G06.24+, H06.03+)
Specifying Auditing
Safeguard Audit Service Manual—520480-014
Auditing Attempts to Manage Protection Records
To specify auditing for attempts to manage (change, read, or delete) a particular
protection record, use the AUDIT-MANAGE attributes in the protection record. These
types of records contain AUDIT-MANAGE attributes:
• User and alias authentication records
• Object authorization records
• OBJECTTYPE authorization records
• Security-Group authorization records
These types of events are considered attempts to manage a protection record:
• Attempting to change one or more attribute values in a protection record with the
  ALTER command
  If this event is audited, one primary audit record and two secondary audit records
  are written to the current audit file. One secondary record contains an image of the
  protection record before the attempted change, and the other secondary record
  contains an image of the protection record showing the attempted change. For user and
  alias records, a total of four secondary records are written. See the note following
  this list.
• Displaying the contents of a protection record with the INFO command
  If this event is audited and successful, one primary audit record and one secondary
  audit record are written to the current audit file. The secondary record contains the
  image of the protection record that was accessed by the INFO command. For user
  and alias records, two secondary records are written. See the note following this
  list. No auditing is performed for unsuccessful events of this type.
• Using the LIKE clause of most ADD, ALTER, or SET commands to read the
  current values of the security attributes in an existing protection record
  If this event is audited and successful, one primary audit record and one secondary
  audit record are written to the current audit file. The secondary record contains the
  image of the protection record that was accessed by the LIKE clause. For user and
  alias records, two secondary records are written. See the note following this list.
  No auditing is performed for unsuccessful events of this type.
• Attempting to freeze or thaw the protection record for a user, object,
  OBJECTTYPE, or Security-Group
  If this event is audited, one primary audit record and two secondary audit records
  are written to the current audit file. One secondary record contains an image of the
  protection record before the attempted change, and the other contains an image of
  the protection record showing the attempted change. For user and alias records, a
  total of four secondary records are written. See the note following this list.
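
The record counts in the list above can be used to check an exported audit trail for incomplete event groups. The following is an added example, not part of the manual or the product: the record layout (`event_id`, `kind`, `operation`, `record_type`, `outcome`) and the `PASSED`/`FAILED` values are a hypothetical export format, not the Safeguard audit file format, and the sample data is constructed.

```python
from collections import defaultdict

# Secondary-record counts from the list above: (user/alias records, other records)
EXPECTED_SECONDARY = {"ALTER": (4, 2), "FREEZE": (4, 2), "THAW": (4, 2),
                      "INFO": (2, 1), "LIKE": (2, 1)}
READ_ONLY = {"INFO", "LIKE"}      # audited only when the event succeeds
USER_TYPES = {"USER", "ALIAS"}

def check_audit_groups(records):
    """Return (event_id, problem) pairs for groups that break the counting rules."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["event_id"]].append(rec)
    findings = []
    for event_id, recs in sorted(groups.items()):
        primaries = [r for r in recs if r["kind"] == "primary"]
        if len(primaries) != 1:
            findings.append((event_id, f"expected 1 primary record, found {len(primaries)}"))
            continue
        p = primaries[0]
        if p["operation"] not in EXPECTED_SECONDARY:
            findings.append((event_id, f"operation {p['operation']} is not a manage event"))
            continue
        if p["operation"] in READ_ONLY and p["outcome"] != "PASSED":
            findings.append((event_id, "unsuccessful INFO/LIKE events are not audited"))
            continue
        user_n, other_n = EXPECTED_SECONDARY[p["operation"]]
        want = user_n if p["record_type"] in USER_TYPES else other_n
        found = len(recs) - 1
        if found != want:
            findings.append((event_id, f"expected {want} secondary records, found {found}"))
    return findings

def sample_group(event_id, operation, record_type, outcome, n_secondary):
    """Build one constructed event group in the hypothetical export layout."""
    primary = {"event_id": event_id, "kind": "primary", "operation": operation,
               "record_type": record_type, "outcome": outcome}
    return [primary] + [{"event_id": event_id, "kind": "secondary"}] * n_secondary

# Constructed sample data, not real audit output.
SAMPLE = (sample_group(1, "ALTER", "OBJECT", "FAILED", 2)     # complete
          + sample_group(2, "INFO", "USER", "PASSED", 1)      # one image missing
          + sample_group(3, "FREEZE", "ALIAS", "PASSED", 4)   # complete
          + sample_group(4, "LIKE", "OBJECT", "FAILED", 0))   # should not exist

if __name__ == "__main__":
    for event_id, problem in check_audit_groups(SAMPLE):
        print(f"event {event_id}: {problem}")
```

A group with too few secondary records means a before or after image is missing from the trail, which is worth investigating before relying on that event as evidence of what changed.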