SAF SECTRACE command is used to trace any security request that is made to the System Authorization Facility (SAF).

There are several operands to customize the output generated by the SAF SECTRACE

Two of the operands are JOBNAME and USER used to specify which address spaces, jobs, or users must be in control for an event to match the SAF SECTRACE specifications

When the  SAFTRACE is TYPE=OMVS and the JOBNAME and/or USER operands are used in the SAFTRACE command, these operands are not restricting the information generated by the Trace.

For example, If the following command is used to set a SAF SECTRACE TYPE=OMVS and the  JOBNAME and USER are used to restrict the output for a specific job and user, the generated output is not limited to these JOBNAME and USER :

/ST SET,TYPE=OMVS,FUNC=ALL,ID=SAFTR,JOBNAME=xxxx,USER=yyyy,DSN=Output_dataset,END

The dataset containing the output of the SAFTRACE contains information for other job names and users.

A SAF with TYPE=OMVS does not support JOBNAME or USERID to limit the tracing. 

This makes tracing difficult with the Matchlim 9999 limit. This can be hit in a few seconds. To solve this limitation specify Matchlim=0 then the trace will not have to be limited.