How can ACF2 track who used some system dataset libraries?

Article ID: 189899

Products

ACF2, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

The Auditing department has requested that certain libraries be tracked for usage.  How is this done?

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Dataset rules offer 3 options in rule checking: A for ALLOW, L for LOG, and P for PREVENT. For each dataset, checking can be done for allocation (A), writing (W), reading (R) and execution (E). As an example, a dataset rule for SYS1.PROCLIB could look like this:

$KEY(SYS1)
 PROCLIB UID(sysprog uid string)  A(L) W(A) R(A) E(A)  ==> which means that the system programmers, in the normal course of their job, are logged if they delete or create SYS1.PROCLIB, and are allowed for everything else.
 PROCLIB UID(-) A(P) W(P) R(A) E(A)  ==> and everyone else is allowed to read or execute it, but not to allocate or write to it.
 
So, to see who reads, etc. from a dataset, change the permission to an L for LOG. ACF2 will then cut an SMF record for each user doing that function. The PROCLIB rule to see who reads or executes the dataset, other than the system programmers, would look like:

PROCLIB UID(-) A(P) W(P) R(L) E(L)

The ACFRPTDS report will report on dataset violations, loggings, and TRACE records.
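
To preview which accesses a rule change will start logging before it is stored, the sketch below compares the two PROCLIB rule sets above. It is an added example, not Broadcom code: it is a simplified model that takes entries in listed order with the first match winning, and the UID mask SYSPROG- and the UID strings are constructed placeholders.

```python
import re

# Constructed rule entries modelled on the SYS1.PROCLIB example; "SYSPROG-" is
# a placeholder UID mask standing in for "sysprog uid string".
BEFORE = """\
PROCLIB UID(SYSPROG-) A(L) W(A) R(A) E(A)
PROCLIB UID(-) A(P) W(P) R(A) E(A)
"""
AFTER = """\
PROCLIB UID(SYSPROG-) A(L) W(A) R(A) E(A)
PROCLIB UID(-) A(P) W(P) R(L) E(L)
"""

ENTRY = re.compile(r"^\s*(\S+)\s+UID\(([^)]*)\)(.*)$")
PERM = re.compile(r"\b([AWRE])\(([ALP])\)")
ACTIONS = {"A": "ALLOW", "L": "LOG", "P": "PREVENT"}

def parse(rule_text):
    """Return [(dsn_part, uid_mask, {access_type: permission})] in listed order."""
    entries = []
    for line in rule_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2), dict(PERM.findall(m.group(3)))))
    return entries

def uid_matches(mask, uid):
    """Simplified mask match: '-' = any run of characters, '*' = one character."""
    pattern = "".join(".*" if c == "-" else "." if c == "*" else re.escape(c) for c in mask)
    return re.fullmatch(pattern, uid) is not None

def decide(entries, dsn_part, uid, access):
    """First matching entry wins; an access type it omits is treated as PREVENT."""
    for part, mask, perms in entries:
        if part == dsn_part and uid_matches(mask, uid):
            return ACTIONS[perms.get(access, "P")]
    return "PREVENT"

def logged_events(rule_text, uids, dsn_part="PROCLIB"):
    """List the (uid, access type) pairs that would be logged under rule_text."""
    entries = parse(rule_text)
    return [(u, a) for u in uids for a in "AWRE" if decide(entries, dsn_part, u, a) == "LOG"]

if __name__ == "__main__":
    users = ["SYSPROGJOE", "FINANCEANN"]  # constructed UID strings
    print("before:", logged_events(BEFORE, users))
    print("after: ", logged_events(AFTER, users))
```

The difference between the two lists is the set of events that will begin producing logging records for ACFRPTDS once the changed rule is active.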

Additional Information

For more information on dataset (ACCESS) rules, go to the Administration section in the manual:
For more information on using the dataset report, go to the Broadcom docs page and see: