Authorized applications, such as servers, can invoke the R_auditx callable service (IRRSAX00) to generate an SMF type 83 audit record that records a security-related event and optionally to issue a message to the console indicating an authentication or authorization failure. For detailed information about invoking the R_auditx callable service, see z/OS Security Server RACF Callable Services.

To authorize applications that do not run in system key or supervisor state, you must define RACF® user IDs for them (see Defining applications as RACF users) and authorize their user IDs or groups for at least READ access to the IRR.RAUDITX resource in the FACILITY class.