Auditor-Controlled Logging
You, the auditor, can direct RACF to log additional events. These
events are:
- Changes to any RACF profiles
- All RACF commands that a SPECIAL or group-SPECIAL user issues
- All unauthorized attempts to use RACF commands
- Selected z/VM events, using the SETEVENT command
- All RACF-related activities of specific users
- All accesses to resources (data sets and general resources) that RACF allows because the user has the OPERATIONS or group-OPERATIONS attribute
- All accesses to specific data sets
- All accesses to specific general resources
- All accesses to OpenExtensions BFS files and directories
- All accesses to resources protected by specific profiles in the SECLABEL class
- All accesses to a specified class of resources at an access level indicated on the LOGOPTIONS keyword of the SETROPTS command
You can identify which of these events apply to your installation's security goals and use audit controls to direct RACF to log the events you require.