ACFRPTDS report not capturing updates or logging for IAM files

book

Article ID: 107107

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction



Auditors require WRITE and ALLOC access for IAM files are logged but looking at the ACFRPTDS only ALLOC is getting captured. WRITE access to IAM files are not getting captured in the report.

Environment

Release:
Component: ACF2MS

Resolution

IAM fields are not normal z/OS datasets. ACF2 uses an intercept in SVC019 (OPEN SVC) and ignores SAF calls for SVC019 with normal datasets.  A SAFDEF to validate IAM calls is needed.

A sample SAFDEF:

INSERT SAFDEF.FAIDIAM ID(FAIDIAM) MODE(GLOBAL) RB(SVC019) RACROUTE(REQUEST=AUTH CLASS=DATASET REQSTOR=IAMAVSOC)

Please verify from IAM documentation or from the vendor if that is still the correct SAFDEF. 

Additional Information

Another option to check on what the SAF call used to code up the SAFDEF is to run a SECTRACE.