Is there a security trace mechanism in SDSF for use with ACF2?

search cancel

Is there a security trace mechanism in SDSF for use with ACF2?

book

Article ID: 197569

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

How can external security within SDSF be traced?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Using SDSF sectrace command provides results of all racroute requests issued by SDSF external security.
On SDSF command line input enter

SDSF SECTRACE ON - output will be written to ULOG (See sdsf menu entry ULOG for link to ULOG)
SDSF SECTRACE WTP - will send trace output to session.

ISF050I USER=USER002 GROUP=ISFSPROG PROC=PROCnnn TERMINAL=xxxxxxx

SDSF MENU V2R4M0 MINIPLEX sys1 SET COMMAND COMPLETE
COMMAND INPUT ===> SET SECTRACE WTP SCROLL ===> PAGE
NP NAME Description Group Status

ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2
ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2
ISF059I SAF Access allowed SAFRC=(0,0,0) ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2
ISF059I SAF Access allowed SAFRC=(0,0,0) ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2

SDSF DA DE28 DE28 PAG 0 SIO 439 CPU 3% LINE 1-40 (75)
COMMAND INPUT ===> st acf* SCROLL ===> PAGE
NP JOBNAME StepName ProcStep JobID Owner C Pos DP Real Paging SIO

ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.STATUS.JES2
ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.STATUS.JES2
ISF051I SAF Access allowed SAFRC=0 ACCESS=UPDATE CLASS=SDSF RESOURCE=ISFATTR.JOB.PRTY
ISF051I SAF Access allowed SAFRC=0 ACCESS=UPDATE CLASS=SDSF RESOURCE=ISFATTR.JOB.CLASS
ISF051I SAF Access allowed SAFRC=0 ACCESS=UPDATE CLASS=SDSF RESOURCE=ISFATTR.JOB.SYSAFF

Feedback

thumb_up Yes

thumb_down No