How can ACF2 track who used some system dataset libraries?
Article ID: 189899
ACF2ACF2 - z/OSACF2 - MISC
The Auditing department has requested that certain libraries be tracked for usage. How is this done?
Release : 16.0
Component : CA ACF2 for z/OS
With dataset rules, there are 3 options in rule checking, A for ALLOW, L for LOG, and P for PREVENT. For each dataset checking can be done for allocation A, writing W, reading R and execution E. As an example, a dataset rule for SYS1.PROCLIB could look like this:
$KEY(SYS1) PROCLIB UID(sysprog uid string) A(L) W(A) R(A) E(A) ==> which means the system programmers in the normal use of their job SYS.PROCLIB is logged if they delete or create it, and are allowed for everything else. PROCLIB UID(-) A(P) W(P) R(A) E(A) ==> and everyone else is allowed to read or execute, but not allocate or write to it.
So to see who reads, etc. from a dataset, change the permission to an L for LOG. Then ACF2 will cut SMF record for each user doing that function. The PROCLIB rule to see who reads or executes except the system programmer would look like:
PROCLIB UID(-) A(P) W(P) R(L) E(L)
The ACFRPTDS report will report on dataset violations, loggings, and TRACE records.
For more information on dataset (ACCESS) rules, go to the Administration section in the manual: For more information on using the dataset report, go to the Broadcom docs page and see: