Top Secret SMF Type 80 Records - Logging Indicators - $LOGVIOL EQU X'80' VIOLATION
Article ID: 187670
Updated On:
Products
Issue/Introduction
For the Top Secret SMF Type 80 Records - Logging Indicators - $LOGVIOL EQU X'80' VIOLATION there is an audit question regarding the criteria that causes $LOGVIOL EQU X'80' VIOLATION.
BMC says the ‘LogReas_Violation=Yes’ maps to Top Secret SMF type 80 records, specifically if field ‘$LOGVIOL EQU X'80' VIOLATION, then 'LogReas_Violation=Yes'. Please review and provide feedback.
Draft Audit Response:
The criteria that causes ‘LogReas_Violation=Yes’ is a Top Secret SMF type 80 record representing a violation which includes - ‘insufficient authority’ , ’not a valid password’, ’Not Authorized to access protected object’ for event types - Job Initiation (01), Resource Access (02) and Policy Director Authorization (71) .
Job Initiation event records are created for user logons and batch job initiations. Violation qualifiers include ‘not a valid password’.
Resource access event records are created by the access to a resource (datasets, CICS transactions, Databases, etc). Violation qualifiers include ‘insufficient authority’.
Policy Director Authorization event records are created for Policy Director Authorization Services. Violation qualifiers include ‘Not authorized to access protected object’.
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
1E $BADPARM - Bad parameter passed on any RACROUTE call - any type of call.
20 $BADCLAS - Bad Resource Class Name passed on any AUTH or FASTAUTH call.
21 SYSERR - System internal error on a RACROUTE call.
23 $NOPRB - TSS cannot determine the program environment for a RACROUTE call.
2C $NOCORE - Storage problems prevented the call from succeeding.
65 – 72 Data set violation codes.
73 – 81 Volume violation codes.
42, 5F - 63, and 82 – 101 Resource violations.
Detailed Violation Error Reason Code Legend
Feedback
