Discussion:
IFS folder auditing
(too old to reply)
ga
2012-03-07 18:27:23 UTC
Permalink
Is there a way to tell what users have accessed a particular folder on
the IFS? Say I have a folder on the IFS under the root, called
RESTRICT. How can I see who has accessed that folder or any subfolder
of it? Is that possible through journaling?

thanks,
ga
ga
***@nospam.fmctc.com
CRPence
2012-03-07 19:39:10 UTC
Permalink
Post by ga
Is there a way to tell what users have accessed a particular folder
on the IFS? Say I have a folder on the IFS under the root, called
RESTRICT. How can I see who has accessed that folder or any
subfolder of it? Is that possible through journaling?
The STRJRN is used to "start journaling changes (made to an object or
list of objects)", but not to log /read/ access.

Use auditing which includes *READ actions. CHGAUD OBJ() OBJAUD().
Specify *ALL or *USRPRF for the OBJAUD "Object auditing value" parameter
depending on whether the read activity should be generally audited or
only for user profiles where *READ auditing is active.

Object auditing is dependent upon the system auditing being
established; i.e. Both QAUDLVL and QAUDCTL system values activated as
desirable, after a journal receiver is created and then the QAUDJRN
journal object is created and the previously created journal receiver is
attached.

Regards, Chuck
ga
2012-03-08 12:08:06 UTC
Permalink
Chuck,
Thanks for the suggestions! I appreciate it.
ga
Post by CRPence
Post by ga
Is there a way to tell what users have accessed a particular folder
on the IFS? Say I have a folder on the IFS under the root, called
RESTRICT. How can I see who has accessed that folder or any
subfolder of it? Is that possible through journaling?
The STRJRN is used to "start journaling changes (made to an object or
list of objects)", but not to log /read/ access.
Use auditing which includes *READ actions. CHGAUD OBJ() OBJAUD().
Specify *ALL or *USRPRF for the OBJAUD "Object auditing value" parameter
depending on whether the read activity should be generally audited or
only for user profiles where *READ auditing is active.
Object auditing is dependent upon the system auditing being
established; i.e. Both QAUDLVL and QAUDCTL system values activated as
desirable, after a journal receiver is created and then the QAUDJRN
journal object is created and the previously created journal receiver is
attached.
Regards, Chuck
ga
***@nospam.fmctc.com

Loading...