Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
2 replies Latest Post - ‏2013-03-06T13:07:45Z by SystemAdmin
SystemAdmin
SystemAdmin
31 Posts
ACCEPTED ANSWER

Pinned topic Optim Security exit FOP2OS01

‏2013-03-04T13:31:22Z |
Need help changing security exit FOP2OS01 to log RACF security calls. RACF calls from the default exit don't produce any log output. We need this for audit requirements.
Updated on 2013-03-06T13:07:45Z at 2013-03-06T13:07:45Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    31 Posts
    ACCEPTED ANSWER

    Re: Optim Security exit FOP2OS01

    ‏2013-03-05T18:06:32Z  in response to SystemAdmin
    Vernon,

    Sorry for the delay in replying, hope things are well.
    The FOPZOS01 exit uses a RACROUTE parameter as follows:
    ACCESS=STATUS

    The ACCESS keyword behaves as follows:
    ******
    ACCESS
    The request is simply to return the user's highest current access to the resource specified. Upon successful completion, the user's access is returned in the RACF reason code. No auditing is done for this request.

    ******
    The key is that no RACF auditing is done for this request. The exit does build a trace record, perhaps it can be re-routed to a file ....

    Kevin
  • SystemAdmin
    SystemAdmin
    31 Posts
    ACCEPTED ANSWER

    Re: Optim Security exit FOP2OS01

    ‏2013-03-06T13:07:45Z  in response to SystemAdmin
    Yes, we understand the exit can produce a trace record. But we would also like to have the exit produce a RACF log message by used a different RACROUTE. Our thinking was to add another RACROUTE for this purpose. What is your recommendation?