Is there a security trace mechanism in SDSF for use with ACF2?

book

Article ID: 197569

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA LDAP Server for z/OS CA PAM Client for Linux for zSeries CA Web Administrator for Top Secret

Issue/Introduction

How can external security within SDSF be traced? 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Using SDSF sectrace command provides results of all racroute requests issued by SDSF external security.
On SDSF command line input enter

SDSF SECTRACE ON - output will be written to ULOG (See sdsf menu entry ULOG for link to ULOG)
SDSF SECTRACE WTP  - will send trace output to session.

 

ISF050I USER=USER002 GROUP=ISFSPROG PROC=PROC114 TERMINAL=A11LO903  

SDSF MENU V2R4M0    MINIPLEX  DE28                      SET COMMAND COMPLETE
COMMAND INPUT ===> SET SECTRACE WTP                           SCROLL ===> PAGE
NP   NAME     Description              Group    Status                          

 ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2
 ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2
 ISF059I SAF Access allowed SAFRC=(0,0,0) ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2
 ISF059I SAF Access allowed SAFRC=(0,0,0) ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.ACTIVE.JES2                 

SDSF DA DE28  DE28     PAG    0 SIO   439 CPU   3%     LINE 1-40 (75)
COMMAND INPUT ===> st acf*                                    SCROLL ===> PAGE
NP   JOBNAME  StepName ProcStep JobID    Owner    C Pos DP Real Paging    SIO

 ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.STATUS.JES2
 ISF051I SAF Access allowed SAFRC=0 ACCESS=READ CLASS=SDSF RESOURCE=ISFCMD.DSP.STATUS.JES2
 ISF051I SAF Access allowed SAFRC=0 ACCESS=UPDATE CLASS=SDSF RESOURCE=ISFATTR.JOB.PRTY
 ISF051I SAF Access allowed SAFRC=0 ACCESS=UPDATE CLASS=SDSF RESOURCE=ISFATTR.JOB.CLASS
 ISF051I SAF Access allowed SAFRC=0 ACCESS=UPDATE CLASS=SDSF RESOURCE=ISFATTR.JOB.SYSAFF