Information is needed on date and time when LOGONID SECURITY privilege is used - for example, how many times a SECURITY privilege allowed access to data sets, protected programs, and resources.
Use acf2 reports to see when an access has been allowed due to security attribute.
ACFRPTRV and ACFRPTDS will show resource and dataset accesses allowed due to security attribute (SEC-OFF reason).
ACFRPTLL ACFRPTEL ACFRPTRL will show admin functions by a particular admin for logonid, infostorage
and rule database updates respectively.
You will need to run the reports against the SMF data for the time period you are interested in
Detailed information on the above reports is contained in the Techdocs section that starts with this page: