Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)
Specifying Auditing
Safeguard Audit Service Manual — 520480-031
2 - 12
Auditing Events Performed by a Specific User
If AUDIT-MANAGE-PASS is specified, the successful operation is recorded in the
current audit file.
3. If the user lacks the required authority, the Safeguard subsystem issues a security
violation (error 48) and checks the value of the AUDIT-MANAGE-FAIL attribute. If
AUDIT-MANAGE-FAIL is specified, the failed operation is recorded in the current
audit file.
Auditing Events Performed by a Specific User
You can specify auditing for events performed by a specific user ID through the
AUDIT-USER-ACTION attributes in the user authentication record. These attributes
are set at logon time. Modifications of these attributes do not take effect immediately
for user IDs that are already logged on. You must log on again for the attributes to take
place. These attributes enable the auditing of user actions that involve the Safeguard
subsystem, in particular:
•
Attempts to access any of these types of objects (even if they are not protected by
a Safeguard record):
°
Disk files, subvolumes, and volumes
°
Processes and subprocesses
°
Devices and subdevices
•
Attempts to create or manage Safeguard protection records
These attributes enable auditing for user actions.
specifies the conditions under which successful actions performed by the user are
recorded in the current audit file.
specifies the conditions under which unsuccessful actions performed by the user are
recorded in the current audit file.
The audit-spec vari
able for AUDIT-USER-ACTION-PASS and AUDIT-USER-
ACTION-FAIL can be any one of these four values:
ALL
All attempts made by the user are recorded in the current audit file.
LOCAL
Local attempts made by the user are recorded in the current audit file. (A local
attempt is made by a user logged on to this system.)
AUDIT-USER-ACTION-PASS audit-spec
AUDIT-USER-ACTION-FAIL audit-spec