How to setup recording of non-violations to be logged to the TSS Audit File

book

Article ID: 193645

calendar_today

Updated On:

Products

CA Top Secret - VSE

Issue/Introduction

We have the requirement to record accesses to files in the environment to allow us to track deleted members or accesses to specific files. How do we record this with Top Secret?

Environment

Top Secret release 3.0 for VSE

VSE 6.1 and above

Resolution

If you want non-violations to be logged to the TSS Audit File, you will need to either Audit the user or Audit the resource.

1. TSS ADD(acid) AUDIT will cause auditing to be turned on for this user and anything the user accesses that is protected will get logged to the TSS Audit Tracking File. The only exception is when the RACROUTE security call has LOG=NONE set for the security call.

2. TSS ADD(AUDIT) resourceclass(resourcename) will cause auditing to be turned on for this resource. Any time this resource is accessed, it will get logged to the TSS Audit Tracking File. The only exception is when the RACROUTE security call has LOG=NONE set for the security call. Example: TSS ADD(AUDIT) VSEMEMBR(SYS1.PROCLIB.JOE.PHASE) will cause audit records to be written to the TSS Audit Tracking file for JOE.PHASE that resides in a library called SYS1 and sub library called PROCLIB. In order to Audit members, you will need to have VSE library security active in TSS via LIBRPROT(YES) control option. Please refer to the Top Secret r3.0 Implementation: BATCH, STC and APPC Guide on implementing VSE library security.

There must be a RACROUTE security call issued for the DELETE command if you want TSS to log it to the AUDIT tracking file. The application needs to have this functionality. If it doesn’t, then you cannot audit the delete command.

Example. VOLLIE which is our zVSE editor can issue security calls to Top Secret to see if a user is authorized to issue a VOLLIE command like delete command. Because it does this, we can log this security event to the TSS Audit file by either auditing the user or auditing the VOLLIE command.