RACHECK invocation - logging not performed
search cancel

RACHECK invocation - logging not performed

book

Article ID: 115663

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction



RACHECK is issued for CLASS=DATASET or CLASS=ABSTRACT .
LOG option for RACHECK is not specified , thus defaults to ASIS) .
Audit file does not contain records for this invocations .
RDT CLASSes DATASET and ABSTRACT were not changed .

Why no Audit Tracking record is cut in such case?

Environment

Release:
Component: TSSMVS

Resolution

The requestor is allowed to access to ABSTRACT(CVUXPD), then the SECTRACE shows access is allowed.

In such case a record won't be cut in the ATF file, because access is allowed, there is no violation.
A record will be only cut if a violation occurs.

So, you need to add an AUDIT attribute to the acid or to add ACTION(AUDIT) on the permit or add the resource to be audited in the AUDIT record or use LOG(ACCESS) at FACILITY level to cut a record in the ATF file when access is succesful. If you revoke the permit ABSTRACT(CVUXPD) for the requestor, a violation will occur and a record will be cut in the ATF file.