How can I use Compliance Event Manager to track Security Administration INFOSTG record changes such as a GSO Cross-reference role group (X-ROL) record?
search cancel

How can I use Compliance Event Manager to track Security Administration INFOSTG record changes such as a GSO Cross-reference role group (X-ROL) record?

book

Article ID: 13226

calendar_today

Updated On:

Products

Compliance Event Manager

Issue/Introduction



How can I use Compliance Event Manager to track Security Administration INFOSTG record changes such as a GSO Cross-reference role group (X-ROL) record?

Environment

Release:
Component: CEVM

Resolution

The OTHERADMIN event can be used to track logonid changes with the Alert, Warehouse or Logger components.

A Policy Statement for the Other Administration events can be created. Test Conditions can be used against the following fields:

 Command
 Date
 Day
 ESM
 Infostorage
 Key
 Jobname
 Operation
 SYSID
 SYSPLEX
 Source
 Time
 Userid

The fields that are returned are as follow.

 Category
 Command
 Date
 DATE_UTC
 ESM  
 Event
 Jobname
 Key
 Length
 Operation
 Policy UUID
 Record Length
 Source
 SYSID
 SYSPLEX
 Time
 Userid
 Version

For Example:

Security administrator logonid SEC0001 Changes a GSO XROL record from the INFOSTG database.

LOGONID SEC0001(with SECURITY Privilege) logs on to TSO

Command issued from  TSO:

ACF
SET X(ROL)
cha abc include(SEC0002)

Compliance Event Manager Policy Administration Event fields returned:

Category: OTHERADMIN
Command: cha abc include(SEC0002)
Date: 21-Feb-2017
DATE_UTC: Tuesday
ESM : ACF2
Event: OTHERADMIN
Jobname: SEC0001
Key: XROL********ABC
Length: 179
Operation: CHANGE
Policy UUID: 588499fe-6183-41d1-ba9a-fd9e8daeb112
Record Length: 179
Source: A99KO888
SYSID: SYS8
SYSPLEX: MINIPLEX
Time: 16:22:33
Userid: SEC0001
Version: 1

 

Powered by Wolken Software