DS (Service Tools User ID and Attribute Changes) journal entries

This table provides the format of the DS (Service Tools User ID and Attribute Changes) journal entries.

Information from this audit journal entry can be queried with the SYSTOOLS.AUDIT_JOURNAL_DS table function: AUDIT_JOURNAL_DS

Table 1. DS (Service Tools User ID and Attribute Changes) journal entries. QASYDSJE/J4/J5 Field Description File
Offset Field Format Description
JE J4 J5
1 1 1     Heading fields common to all entry types. See Standard heading fields for audit journal entries QJORDJE5 Record Format (*TYPE5),Standard heading fields for audit journal entries QJORDJE4 Record Format (*TYPE4), and Standard heading fields for audit journal entries QJORDJE2 Record Format (*TYPE2) for field listing.
156 224 610 Entry Type Char(1) The type of entry.
A
Reset of a service tools user ID password using the CHGDSTPWD command.
C
Change to a service tools user ID using the QSYCHGDS API.
D
Delete of a service tools user ID using the DLTSSTUSR command.
H
Change to a service tools user ID using the CHGSSTUSR command.
Start of changeKEnd of change
Start of changeChange to a service tools user ID using the CHGSSTKEY command.End of change
P
Change to a service tools user ID password using the QSYCHGDS API.
R
Create of a service tools user ID using the CRTSSTUSR command.
S
Change to the service tools security attributes using the CHGSSTSECA command.
157 225 611 IBM-Supplied Service Tools User ID Reset Char(1)
Y
Request to reset an IBM-supplied service tools user ID. This field only contains data when Entry type (J5 offset 610) is A.
158 226 612 Service Tools User ID to change Char(10) The service tools user ID to change. This field only contains data when Entry type (J5 offset 610) is C or P. It may contain one of the following special values.
*SECURITY
*SERVICE
168 236 622 Service Tools User ID New Name Char(8) The new name of the service tools user ID. This field only contains data when Entry type (J5 offset 610) is C and the new service tools user ID name length is 8 bytes or less.
176 244 630 Service Tools User ID Password Change Char(1) Request to change the service tools user ID password. This field only contains data when Entry type (J5 offset 610) is P.
Y
Request to change service tools user ID password.
  245 631 Service Tools User ID Char(10) When Entry type (J5 offset 610) is C this field contains the new name of the service tools user ID.

When Entry type is D, H, or R this field contains the service tools user ID being created, changed, or deleted.
  255 641 Service Tools User ID Requesting Profile Char(10) The name of the service tools user ID that requested the action. This field only contains data when Entry type (J5 offset 610) is C, D, H, P, R, or S.
    651 Status Char(10) Status of the user ID. This field only contains data when Entry type (J5 offset 610) is H or R.
*ENABLED
*DISABLED
    661 Previous Status Char(10) Previous status of the user ID. This field only contains data when Entry type (J5 offset 610) is H.
*ENABLED
*DISABLED
    671 Set Password Expired Char(1) Set password to expired. This field only contains data when Entry type (J5 offset 610) is H or R.
Y
Password is expired
    672 Linked Profile Char(10) The user profile that is linked to the service tools user ID. This field only contains data when Entry type (J5 offset 610) is H or R.
    682 Previous Linked Profile Char(10) The user profile that was previously linked to the service tools user ID. This field only contains data when Entry type (J5 offset 610) is H.
    692 (Reserved Area) Char(10)
   
Current Privileges - The privilege fields only contain data when Entry type (J5 offset 610) is H or R.
Y
Service tools user ID has the privilege
N
Service tools user ID does not have the privilege
' '
Privilege not changing. Entry type H only.
    702   Char(1) Disk units - operations
    703   Char(1) Disk units - administration
    704   Char(1) Disk units - read only
    705   Char(1) System partitions - operations
    706   Char(1) System partitions - administration
    707   Char(1) Partition remote panel key
    708   Char(1) Operator panel functions
    709   Char(1) Operating system initial program load (IPL)
    710   Char(1) Install
    711   Char(1) Performance data collector
    712   Char(1) Hardware service manager
    713   Char(1) Display/Alter/Dump
    714   Char(1) Main storage dump
    715   Char(1) Product activity log
    716   Char(1) Licensed Internal Code log
    717   Char(1) Licensed Internal Code fixes
    718   Char(1) Trace
    719   Char(1) Dedicated Service Tools (DST) environment
    720   Char(1) Remote service support
    721   Char(1) Service tools security
    722   Char(1) Service tools save and restore
    723   Char(1) Debug
    724   Char(1) System capacity - operations
    725   Char(1) System capacity - administrator
    726   Char(1) System security
    727   Char(1) Start service tools
    728   Char(1) Take over console
    729 (Reserved Area) Char(13)  
   
Previous Privileges - The privilege fields only contain data when Entry type (J5 offset 610) is H.
Y
Service tools user ID has the privilege
N
Service tools user ID does not have the privilege
' '
Privilege not changing.
    742   Char(1) Disk units - operations
    743   Char(1) Disk units - administration
    744   Char(1) Disk units - read only
    745   Char(1) System partitions - operations
    746   Char(1) System partitions - administration
    747   Char(1) Partition remote panel key
    748   Char(1) Operator panel functions
    749   Char(1) Operating system initial program load (IPL)
    750   Char(1) Install
    751   Char(1) Performance data collector
    752   Char(1) Hardware service manager
    753   Char(1) Display/Alter/Dump
    754   Char(1) Main storage dump
    755   Char(1) Product activity log
    756   Char(1) Licensed Internal Code log
    757   Char(1) Licensed Internal Code fixes
    758   Char(1) Trace
    759   Char(1) Dedicated Service Tools (DST) environment
    760   Char(1) Remote service support
    761   Char(1) Service tools security
    762   Char(1) Service tools save and restore
    763   Char(1) Debug
    764   Char(1) System capacity - operations
    765   Char(1) System capacity - administrator
    766   Char(1) System security
    767   Char(1) Start service tools
    768   Char(1) Take over console
    769 (Reserved Area) Char(13)  
   

End Previous Privileges
    782 SST Password Level Char(1) System Service Tools (SST) password level. This field only contains data when Entry Type (J5 offset 610) is S.
    783 Previous SST Password Level Char(1) Previous (SST) password level. This field only contains data when Entry Type (J5 offset 610) is S.
    784 Allow System Value Changes Char(1) Allow changes to security related system values. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow changes
    785 Previous Allow System Value Changes Char(1) Previous value of allow changes to security related system values. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow changes
    786 Allow Add of Digital Certificates Char(1) Allow digital certificates to be added to a certificate store. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow add
    787 Previous Allow Add of Digital Certificates Char(1) Previous value of allow add of digital certificates. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow add
    788 Allow SST Password Change Char(1) Allow an SST user with a default and expired password to change their own password. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow change
    789 Previous Allow SST Password Change Char(1) Previous value of allow SST Password Change. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow change
    790 Allow Add and Remove of Password Exit Programs Char(1) Allow exit programs to be added to and removed from the password exit programs. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow add and remove
    791 Previous Allow Add and Remove of Password Exit Programs Char(1) Previous value of allow add and remove of password exit programs. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow add and remove
    Start of change792End of change Start of changeAllow Change of Additional Sign-on FactorEnd of change Start of changeChar(1)End of change Start of changeAllow change of additional sign-on factor security attribute using the Change Security Attributes (CHGSECA) command. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow change of additional sign-on factor security attribute
End of change
    Start of change793End of change Start of changePrevious Allow Change of Additional Sign-on FactorEnd of change Start of changeChar(1)End of change Start of changePrevious value of allow change of additional sign-on factor security attribute. This field only contains data when Entry Type (J5 offset 610) is S.
Y
Allow change of additional sign-on factor security attribute
End of change
    794 (Reserved Area) Char(2)  
   

Current Password Rules - These fields only contain data when Entry Type (J5 offset 610) is S.
    796 Limit Profile Name Char(1) Limit profile name.
Y
The password may not contain the upper case profile name.
    797 Hours to Block Char(6) The number of hours during which the password is blocked from being changed.
*NONE
There is no restriction on how frequently a user can change a password.
    803 Minimum Password Length Char(6) Minimum password length.
    809 Maximum Password Length Char(6) Maximum password length.
    815 Use From 3 Groups Char(1) The password must contain characters from at least three of the four types of characters: Uppercase letters, lowercase letters, digits, and special characters.
Y
The password must contain characters from at least three of the four groups.
    816 Limit Adjacent Characters Char(1) Limit adjacent characters.
Y
The password may not contain two or more adjacent characters.
    817 Limit Repeating Characters Char(1) Limit repeating characters.
Y
The password may not contain two or more occurrences of the same character.
    818 Limit Same Position Char(1) Limit characters in the same position.
Y
The same character may not be used in the same position as in the previous password.
    819 Minimum Digits Char(6) The minimum number of digit characters that must occur in the password.
*NONE
No digits are required.
    825 Maximum Digits Char(6) The maximum number of digit characters that may occur in the password.
*NOMAX
Any number of digits are allowed in the password.
    831 Limit Adjacent Digits Char(1) Limit adjacent digits.
Y
The password must not contain two or more adjacent (consecutive) digits.
    832 Limit Digit First Char(1) Limit digit in first position.
Y
The first character of the password must not be a digit.
    833 Limit Digit Last Char(1) Limit digit in last position.
Y
The last character of the password must not be a digit.
    834 Minimum Letters Char(6) The minimum number of letter characters that must occur in the password.
*NONE
No letters are required.
    840 Maximum Letters Char(6) The maximum number of letter characters that may occur in the password.
*NOMAX
Any number of letters are allowed in a password.
    846 Limit Adjacent Letters Char(1) Limit adjacent letters.
Y
The password must not contain two or more adjacent (consecutive) letters.
    847 Limit Letter First Char(1) Limit letter in first position.
Y
The first character of the password must not be a letter.
    848 Limit Letter Last Char(1) Limit letter in last position.
Y
The last character of the password must not be a letter.
    849 Number Mixed Case Letters Char(6) The password must contain at least the specified number of uppercase and lowercase letters.
*NONE
Mixed case letters are not required in a password.
    855 Minimum Special Characters Char(6) The minimum number of special characters that must occur in the password.
*NONE
No special characters are required.
    861 Maximum Special Characters Char(6) The maximum number of special characters that may occur in the password.
*NOMAX
Any number of special characters are allowed in a password.
    867 Limit Adjacent Special Characters Char(1) Limit adjacent special characters.
Y
The password must not contain two or more adjacent (consecutive) special characters.
    868 Limit Special Character First Char(1) Limit special character in first position.
Y
The first character of the password must not be a special character.
    869 Limit Special Character Last Char(1) Limit special character in last position.
Y
The last character of the password must not be a special character.
    870 (Reserved Area) Char(10)  
   

Previous Password Rules - These fields only contain data when Entry Type (J5 offset 610) is S.
    880 Previous Limit Profile Name Char(1) Limit profile name.
Y
The password may not contain the upper case profile name.
    881 Previous Hours to Block Char(6) The number of hours during which the password is blocked from being changed.
*NONE
There is no restriction on how frequently a user can change a password.
    887 Previous Minimum Password Length Char(6) Minimum password length.
    893 Previous Maximum Password Length Char(6) Maximum password length.
    899 Previous Use From 3 Groups Char(1) The password must contain characters from at least three of the four types of characters: Uppercase letters, lowercase letters, digits, and special characters.
Y
The password must contain characters from at least three of the four groups.
    900 Previous Limit Adjacent Characters Char(1) Limit adjacent characters.
Y
The password may not contain two or more adjacent characters.
    901 Previous Limit Repeating Characters Char(1) Limit repeating characters.
Y
The password may not contain two or more occurrences of the same character.
    902 Previous Limit Same Position Char(1) Limit characters in the same position.
Y
The same character may not be used in the same position as in the previous password.
    903 Previous Minimum Digits Char(6) The minimum number of digit characters that must occur in the password.
*NONE
No digits are required.
    909 Previous Maximum Digits Char(6) The maximum number of digit characters that may occur in the password.
*NOMAX
Any number of digits are allowed in the password.
    915 Previous Limit Adjacent Digits Char(1) Limit adjacent digits.
Y
The password must not contain two or more adjacent (consecutive) digits.
    916 Previous Limit Digit First Char(1) Limit digit in first position.
Y
The first character of the password must not be a digit.
    917 Previous Limit Digit Last Char(1) Limit digit in last position.
Y
The last character of the password must not be a digit.
    918 Previous Minimum Letters Char(6) The minimum number of letter characters that must occur in the password.
*NONE
No letters are required.
    924 Previous Maximum Letters Char(6) The maximum number of letter characters that may occur in the password.
*NOMAX
Any number of letters are allowed in a password.
    930 Previous Limit Adjacent Letters Char(1) Limit adjacent letters.
Y
The password must not contain two or more adjacent (consecutive) letters.
    931 Previous Limit Letter First Char(1) Limit letter in first position.
Y
The first character of the password must not be a letter.
    932 Previous Limit Letter Last Char(1) Limit letter in last position.
Y
The last character of the password must not be a letter.
    933 Previous Number Mixed Case Letters Char(6) The password must contain at least the specified number of uppercase and lowercase letters.
*NONE
Mixed case letters are not required in a password.
    939 Previous Minimum Special Characters Char(6) The minimum number of special characters that must occur in the password.
*NONE
No special characters are required.
    945 Previous Maximum Special Characters Char(6) The maximum number of special characters that may occur in the password.
*NOMAX
Any number of special characters are allowed in a password.
    951 Previous Limit Adjacent Special Characters Char(1) Limit adjacent special characters.
Y
The password must not contain two or more adjacent (consecutive) special characters.
    952 Previous Limit Special Character First Char(1) Limit special character in first position.
Y
The first character of the password must not be a special character.
    953 Previous Limit Special Character Last Char(1) Limit special character in last position.
Y
The last character of the password must not be a special character.
    954 (Reserved Area) Char(10)  
   

End Previous Password Rules
    964 Maximum Sign-on Attempts Char(2) The maximum number of sign-on attempts an SST user ID is allowed. This field only contains data when the Entry Type (J5 offset 610) is S.
2-15
    966 Previous Maximum Sign-on Attempts Char(2) The previous maximum sign-on attempts allowed. This field only contains data when the Entry Type (J5 offset 610) is S.
    968 Password Expiration Interval Char(6) The number of days an SST user ID has between the date the password is changed and the data when the password expires. This field only contains data when the Entry Type (J5 offset 610) is S.
*NOMAX
The password does not expire.
1-366
    974 Previous Password Expiration Interval Char(6) Previous password expiration interval. This field only contains data when the Entry Type (J5 offset 610) is S.
    980 Duplicate Password Control Char(6) The number of previous passwords that must not be duplicated before a password is allowed to be used again. This field only contains data when the Entry Type (J5 offset 610) is S.
*NONE
No duplicate checking is performed.
1-32
    986 Previous Duplicate Password Control Char(6) Previous duplicate password control. This field only contains data when the Entry Type (J5 offset 610) is S.
    Start of change992End of change Start of changeAdditional Sign-on FactorEnd of change Start of changeChar(10)End of change Start of changeAdditional sign-on factor SST attribute. This field only contains data when the Entry Type (J5 offset 610) is S.
Start of change*ENABLEDEnd of change
Start of changeAdditional sign-on factor for SST sign-on enabled.End of change
Start of change*DISABLEDEnd of change
Start of changeAdditional sign-on factor for SST sign-on disabled.End of change
End of change
    Start of change1002End of change Start of changePrevious Additional Sign-on FactorEnd of change Start of changeChar(10)End of change Start of changePrevious additional sign-on factor SST attribute. This field only contains data when the Entry Type (J5 offset 610) is S. End of change
    Start of change1012End of change (Reserved Area) Start of changeChar(30)End of change  
    1042 SST User Password Expiration Interval Char(7) Service tools user ID password expiration Interval. The number of days between the date the password is changed and the data when the password expires. This field only contains data when the Entry Type (J5 offset 610) is H or R.
*SSTATR
The password expiration interval defined for the SST security attribute is used.
*NOMAX
The password does not expire.
1-366
    1049 Previous SST User Password Expiration Interval Char(7) Previous service tools user ID password expiration Interval. This field only contains data when the Entry Type (J5 offset 610) is H or R.
    Start of change1056End of change Start of changeTOTP Key Exists IndicatorEnd of change Start of changeChar(1)End of change Start of changeIndicates if the time-based one-time password (TOTP) key exists for the Service Tools User ID Requesting Profile. This field only contains data when Entry Type (J5 offset 610) is A or K.
Y
TOTP key exists
N
TOTP key is *NONE
End of change
    Start of change1057End of change Start of changePrevious TOTP Key Exists IndicatorEnd of change Start of changeChar(1)End of change Start of changePrevious value of TOTP key exists indicator. This field only contains data when Entry Type (J5 offset 610) is A or K.End of change
    Start of change1058End of change Start of changeAuthentication MethodEnd of change Start of changeChar(10)End of change Start of changeService tools user ID authentication method. This field only contains data when the Entry Type (J5 offset 610) is A or H.
Start of change*NONEEnd of change
Start of changeNo additional authentication method used for the SST user.End of change
Start of change*TOTPEnd of change
Start of changeA time-based one-time password (TOTP) is required when authenticating using the SST user.End of change
End of change
    Start of change1068End of change Start of changePrevious Authentication MethodEnd of change Start of changeChar(10)End of change Start of changePrevious service tools user ID authentication method. This field only contains data when the Entry Type (J5 offset 610) is A or H. End of change