Auditing RESLEVEL
Use the RESAUDIT system parameter to control the production of RESLEVEL audit records. RACF® GENERAL audit records are produced.
Produce RESLEVEL audit records by setting the RESAUDIT system parameter to YES. If the RESAUDIT parameter is set to NO, audit records are not produced. For more details about setting this parameter, see Using CSQ6SYSP.
If RESAUDIT is set to YES, no normal RACF audit records are taken when the RESLEVEL check is made to see what access an address space user ID has to the hlq.RESLEVEL profile. Instead, IBM® MQ requests that RACF create a GENERAL audit record (event number 27). These checks are only carried out at connect time, so the performance cost is minimal.
RACFRW
SELECT PROCESS
EVENT GENERAL
LIST
END
From checking the LOGSTR data in this sample output, you can see that TSO user WS21B has CONTROL access to QM66.RESLEVEL. This means that all resource security checks are bypassed when user WS21B access QM66 resources.
For more information about using RACFRW, see the z/OS® Security Server RACF Auditor's Guide.