What exactly is the FASTPATH processing and the audit trail documented in the Admin Guide?
search cancel

What exactly is the FASTPATH processing and the audit trail documented in the Admin Guide?

book

Article ID: 11175

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

What is OMVS and ACF2 FASTPATH processing and an audit trail?

Environment

Release:
Component: ACF2MS

Resolution

When the BPX.SAFFASTPATH FACILITY class profile is defined, the external security manager is not called if z/OS UNIX can determine that file access will be successful. When the external security manager is bypassed, better performance is achieved, but the audit trail of successful accesses is eliminated.

BPX.SAFFASTPATH FACILITY only applies to HFS permission bit setting. As of V2R5, HFS is no longer supported.
BPX.SAFFASTPATH FACILITY does apply to OMVS check process owner and the IPC processing.

When the BPX.SAFFASTPATH FACILITY class profile is defined SAF fastpath support is enabled, the security product is not called and audit trail of successful accesses is eliminated. With ACF2 FASTPATH processing is enabled by default.

When the BPX.SAFFASTPATH FACILITY class profile is not defined SAF fastpath support is disabled, the security product is called and audit records of successful accesses will be created. With ACF2, to disable FASTPATH processing sites should insert the following SAFDEF record:

ACF
SET CONTROL(GSO)
INSERT SAFDEF.OEFSTART FUNCRET(4) ID(OEFSTAUT) JOBNAME(OMVS) MODE(IGNORE) -
   RB(BPX-) RACROUTE(REQUEST=AUTH class=FACILITY ENTITY=BPX.SAFFASTPATH) REP