*AUDIT special authority

Audit (*AUDIT) special authority gives the user the ability to view and change auditing characteristics.

A user can perform the following tasks with the *AUDIT special authority:

  • Change and display the system values that control auditing.
  • Use the CHGOBJAUD, CHGDLOAUD, and CHGAUD commands to change auditing for objects.
  • Use the CHGUSRAUD command to change auditing for a user.
  • Display an object's auditing values.
  • Display a user profile's auditing values.
  • Run some of the security tool commands, such as PRTADPOBJ.

Risks: A user with *AUDIT special authority can stop and start auditing on the system or prevent auditing of particular actions. If having an audit record of security-relevant events is important for your system, carefully control and monitor the use of *AUDIT special authority.

To prevent general users from viewing auditing information, restrict general users' access to the following information:

  • The security audit journal (QAUDJRN)
  • Other journals that contain auditing data
  • Save files, outfiles, spool files, and printed output that contain auditing information

Note: Only a user with *ALLOBJ, *SECADM, and *AUDIT special authorities can give another user *AUDIT special authority.
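
One way to monitor who holds *AUDIT, as an added example that is not part of the original documentation: the query below lists every profile that has *AUDIT directly or through a group profile, and marks the profiles that also hold *ALLOBJ and *SECADM and can therefore give *AUDIT to others. It uses the IBM i services QSYS2.USER_INFO and QSYS2.GROUP_PROFILE_ENTRIES, and it assumes that a user's effective special authorities are the union of the user's own and those of the user's group profiles, and that the caller is authorized to read every user profile.

```sql
-- Added example: review of *AUDIT special authority holders (Db2 for i).
-- Assumption: effective special authorities = own + those of all group profiles.
-- Assumption: the job running this query can read every user profile;
-- profiles the caller cannot read may be missing from the result.

WITH own AS (
    -- Special authorities assigned directly to each profile
    SELECT AUTHORIZATION_NAME  AS USER_NAME,
           AUTHORIZATION_NAME  AS SOURCE_PROFILE,
           SPECIAL_AUTHORITIES
      FROM QSYS2.USER_INFO
),
via_group AS (
    -- Special authorities a member picks up from its group profiles
    SELECT e.USER_PROFILE_NAME  AS USER_NAME,
           g.AUTHORIZATION_NAME AS SOURCE_PROFILE,
           g.SPECIAL_AUTHORITIES
      FROM QSYS2.GROUP_PROFILE_ENTRIES e
      JOIN QSYS2.USER_INFO g
        ON g.AUTHORIZATION_NAME = e.GROUP_PROFILE_NAME
),
combined AS (
    SELECT USER_NAME, SOURCE_PROFILE, SPECIAL_AUTHORITIES FROM own
    UNION ALL
    SELECT USER_NAME, SOURCE_PROFILE, SPECIAL_AUTHORITIES FROM via_group
)
SELECT USER_NAME,
       -- Which profile(s) the *AUDIT authority comes from
       LISTAGG(CASE WHEN SPECIAL_AUTHORITIES LIKE '%*AUDIT%'
                    THEN RTRIM(SOURCE_PROFILE) END, ', ')
           WITHIN GROUP (ORDER BY SOURCE_PROFILE)        AS AUDIT_FROM,
       -- Holding all three authorities is what the note above requires
       -- before a user can give *AUDIT to another profile
       CASE WHEN MAX(CASE WHEN SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
                          THEN 1 ELSE 0 END) = 1
             AND MAX(CASE WHEN SPECIAL_AUTHORITIES LIKE '%*SECADM%'
                          THEN 1 ELSE 0 END) = 1
            THEN 'YES' ELSE 'NO' END                     AS CAN_GRANT_AUDIT
  FROM combined
 GROUP BY USER_NAME
HAVING MAX(CASE WHEN SPECIAL_AUTHORITIES LIKE '%*AUDIT%'
                THEN 1 ELSE 0 END) = 1
 ORDER BY CAN_GRANT_AUDIT DESC, USER_NAME;
```

Comparing the result against an approved list of auditors on a schedule shows when *AUDIT has been added to a profile or reaches a user through a new group membership.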