As an auditor, you want to see all activity that occurs by a user or ticket from elevation to de-elevation or elevation timeout.

A unique user ID (TAMID) is assigned at elevation time and carried through each elevation and de-elevation event.

Release : 16.0

Component :

The ACFRPTTZ audit utility reads the same SMF records as the following reports and 
generates a CSV file containing the fields that appear on the individual reports. The SAFTZJSN reads the CSV 
file, reformats, and creates a JSON file. The ACFRPTTZ SAMPJ member contains an example of how to invoke 
ACFRPTTZ and SAFTZJSN.
• ACFRPTDS - Data Set/Program Event Log
• ACFRPTEL - Infostorage Update Log
• ACFRPTLL - Logonid Modification Log
• ACFRPTNV - The Environment Report
• ACFRPTRL - Rule ID Modification Log
• ACFRPTRV - Resource Event Log
The ACFRPTTZ utility accepts the following parameters:
• ELEVATE
Allows the user to report ELEVATE-related entries. The CSV output contains information from SMF records, 
which are written while the user was elevated. Output includes records which are written to elevate and end 
the elevation for a user.
• ELUSER
Specifies an elevation activity for a specific user.
• TAMID
Specifies an elevation activity for specific TAMIDs. Up to 32 TAMID values or masks can be specified. Only 
records with TAMID values are selected.
• TICKET
Specifies elevation activity for specific TICKETS. Up to 32 ticket number values or masks can be specified. If 
TICKET is not specified, all ticket numbers are reported

The following sample output is from the ACFRPTTZ utility:

CA ACF2 - ACFRPTTZ - TAMz Activity Journal - PAGE 1 DATE 08/31/21 (21.243) TIME 13.51

Counts CSV 30 DS 3 EL 3 LL 0 NV 3 RL 0 RV 21