RACHECK invocation - logging not performed
Article ID: 115663
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
RACHECK is issued for CLASS=DATASET or CLASS=ABSTRACT .
LOG option for RACHECK is not specified , thus defaults to ASIS) .
Audit file does not contain records for this invocations .
RDT CLASSes DATASET and ABSTRACT were not changed .
Why no Audit Tracking record is cut in such case?
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
The requestor is allowed to access to ABSTRACT(CVUXPD), then the SECTRACE shows access is allowed.
In such case a record won't be cut in the ATF file, because access is allowed, there is no violation.
A record will be only cut if a violation occurs.
So, you need to add an AUDIT attribute to the acid or to add ACTION(AUDIT) on the permit or add the resource to be audited in the AUDIT record or use LOG(ACCESS) at FACILITY level to cut a record in the ATF file when access is succesful. If you revoke the permit ABSTRACT(CVUXPD) for the requestor, a violation will occur and a record will be cut in the ATF file.
In such case a record won't be cut in the ATF file, because access is allowed, there is no violation.
A record will be only cut if a violation occurs.
So, you need to add an AUDIT attribute to the acid or to add ACTION(AUDIT) on the permit or add the resource to be audited in the AUDIT record or use LOG(ACCESS) at FACILITY level to cut a record in the ATF file when access is succesful. If you revoke the permit ABSTRACT(CVUXPD) for the requestor, a violation will occur and a record will be cut in the ATF file.
Feedback
Yes
No
Powered by
