z/OS Security Server RACF Macros and Interfaces
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


The format of the unloaded SMF type 83 data

z/OS Security Server RACF Macros and Interfaces
SA23-2288-00

RACF® writes a type 83 subtype 1 record for each data set that is affected by the change of a security label. Table 1 describes the format of the unloaded version of this record.

Table 1. Format of the unloaded SMF type 83 records
Field name Type Length Position Comments
Start End
DSAF_EVENT_TYPE Char 8 1 8 The type of the event. Set to "DSAF".
DSAF_RESERVED_01 Char 8 10 17 This field is reserved and is set to blanks to allow a common alignment with other unloaded SMF records.
DSAF_TIME_WRITTEN Time 8 19 26 Time that the record was written to SMF.
DSAF_DATE_WRITTEN Date 10 28 37 Date that the record was written to SMF.
DSAF_SYSTEM_SMFID Char 4 39 42 SMF system ID of the system from which the record originates.
DSAF_SECL_LINK Char 16 44 59 Key to link together the data sets affected by a change of security label and the command that caused the security label change.
DSAF_VIOLATION Yes/ No 4 61 64 Does this record represent a violation?
DSAF_USER_NDFND Yes/ No 4 66 69 Was this user not defined to RACF?
DSAF_USER_WARNING Yes/ No 4 71 74 Was this record created because of WARNING?
DSAF_EVT_USER_ID Char 8 76 83 User ID associated with the event.
DSAF_EVT_GRP_ID Char 8 85 92 Group name associated with the event.
DSAF_AUTH_NORMAL Yes/ No 4 94 97 Was normal authority checking a reason for access being allowed?
DSAF_AUTH_SPECIAL Yes/ No 4 99 102 Was special authority checking a reason for access being allowed?
DSAF_AUTH_OPER Yes/ No 4 104 107 Was operations authority checking a reason for access being allowed?
DSAF_AUTH_AUDIT Yes/ No 4 109 112 Was auditor authority checking a reason for access being allowed?
DSAF_AUTH_EXIT Yes/ No 4 114 117 Was exit checking a reason for access being allowed?
DSAF_AUTH_FAILSFT Yes/ No 4 119 122 Was failsoft checking a reason for access being allowed?
DSAF_AUTH_BYPASS Yes/ No 4 124 127 Was the use of the user ID *BYPASS* a reason for access being allowed?
DSAF_AUTH_TRUSTED Yes/ No 4 129 132 Was trusted authority checking a reason for access being allowed?
DSAF_LOG_CLASS Yes/ No 4 134 137 Was SETR AUDIT(class) checking a reason for this event to be recorded?
DSAF_LOG_USER Yes/ No 4 139 142 Was auditing requested for this user?
DSAF_LOG_SPECIAL Yes/ No 4 144 147 Was auditing requested for access granted due to the SPECIAL privilege?
DSAF_LOG_ACCESS Yes/ No 4 149 152 Did the profile indicate audit, or did FAILSOFT processing allow access, or did the RACHECK exit indicate auditing?
DSAF_LOG_RACINIT Yes/ No 4 154 157 Did the RACINIT fail?
DSAF_LOG_ALWAYS Yes/ No 4 159 162 Is this command always audited?
DSAF_LOG_CMDVIOL Yes/ No 4 164 167 Was this event audited due to CMDVIOL?
DSAF_LOG_GLOBAL Yes/ No 4 169 172 Was this event audited due to GLOBALAUDIT?
DSAF_TERM_LEVEL Int. 3 174 176 The terminal level associated with this audit record.
DSAF_BACKOUT_FAIL Yes/ No 4 178 181 Did RACF fail in backing out the data?
DSAF_PROF_SAME Yes/ No 4 183 186 Was the profile the same at the end of this event?
DSAF_TERM Char 8 188 195 The terminal associated with the event.
DSAF_JOB_NAME Char 8 197 204 The job name associated with the event.
DSAF_READ_TIME Time 8 206 213 The time that the job entered the system.
DSAF_READ_DATE Date 10 215 224 The date that the job entered the system.
DSAF_SMF_USER_ID Char 8 226 233 User ID from SMF common area. This value is managed by SMF and the SMF processing exits.
DSAF_LOG_LEVEL Yes/ No 4 235 238 Was this event audited due to SECLEVEL auditing?
DSAF_LOG_LOGOPT Yes/ No 4 240 243 Was this event audited due to SETR LOGOPTIONS auditing?
DSAF_LOG_SECL Yes/ No 4 245 248 Was this event audited due to SETR SECLABELAUDIT auditing?
DSAF_LOG_COMPATM Yes/ No 4 250 253 Was this event audited due to SETR COMPATMODE auditing?
DSAF_LOG_APPLAUD Yes/ No 4 255 258 Was this event audited due to SETR APPLAUDIT?
DSAF_USR_SECL Char 8 260 267 The security label associated with this user.
DSAF_DATA_SET Char 44 269 312 The name of the data set affected by the security label change.
DSAF_RESERVED_02 Char 2 314 315 Reserved for IBM's use.
DSAF_PROD_ID Char 8 317 324 Short name for the product or component logging the event
Note: The format of unloaded SMF records, subtype 2 and above, is described in product-specific documentation.
For more information on XML grammar and IRRADU00 record format, see:

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014