Charles Mills wrote:

> Sorry for an elementary question. I've got a customer asking me and I don't
> pretend to be a RACF expert.

This type of question is not elementary. Only by asking you will learn. Only wise guys ask, the rest pretends to be wise. ;-)

>Yes, I know there is a RACF list but this list is more active.

The absolute RACF gurus are hanging out there in RACF-L, but sometimes here in IBM-MAIN too. There are other lists for RACF and MVS too.

>I know it is possible to monitor access to a group of "traditional" MVS
>datasets with ADDDSD FOO.BAR.** AUDIT(SUCCESS,...) ...

Above is for SUCCESSful attempts. You can use AUDIT(ALL(READ)) so all attempts, successful or not, are logged. That is if LOGOPTIONS is set as ALWAYS for DATASET.

>I see that it is possible to restrict access to an entire zFS filesystem with
>RACF.

Indeed. You can even manage the ability to mount/dismount actions too.

>Is it possible to monitor access to a group or directory of zFS files?
>Something like ADDDSD /u/foo/bar/** AUDIT(SUCCESS,...)... ?

Radoslaw kindly said you can use chaudit. Besides SMF record 80, you should collect SMF records 92 and perhaps other records too.

I believe when you create a zFS file, the audit flags are turned off, but I could be wrong.

You should review (chmod, chown, etc) all audit and access flags for all the folders from up the root down to the files.

Then, you should review these RACF classes too:

DIRACC
DIRSRCH
FSOBJ
FSSEC
IPCOBJ
PROCACT
PROCESS

No profiles can be defined in these classes except FSSEC.

You can also review the audit settings of RACF users and also their OMVS segments too.

Hope above will help, but I'm pretty sure others will chime in with better and complete advice.

Groete / Greetings
Elardus Engelbrecht

Friday Joke: What is the benefit when you've got Alzheimer's? Every time you lie tonight next to your man/wife, it is always a new person you meet ... Ouch ...
