Identity class data

Identity class data provides enhanced audit information by capturing identity propagation data (an X.500 distinguished name and associated realm) from a client system across a network for eligible transactions.

Identity propagation depends on the z/OS Identity Propagation function that is provided in z/OS®, Version 1 Release 11. An identity class data record is written by CICS as an SMF 110 subtype 1 record, which is created during transaction detach processing for each transaction that has identity propagation data.

You can enable identity class monitoring by coding MNIDN=ON, with MN=ON, as a system initialization parameter. Alternatively, you can use the monitoring facility transaction CEMN or the EXEC CICS SET MONITOR command to enable identity class monitoring dynamically.

Identity data is constructed using fields that are written only if the data is available, in a similar way to those fields used in the RACF® SMF records. Unlike other monitoring SMF 110 records, these records are not compressed. The identity records are buffered (one or more identity records are constructed into a single SMF 110 record) to minimize the number of SMF writes. Any unwritten identity data records remaining in the output buffer are recorded either when the monitoring identity class is set to inactive or when CICS® shuts down normally.