1 |
1 |
1 |
|
|
Heading fields common to all entry
types. See Standard heading fields for audit journal entries QJORDJE5 Record Format (*TYPE5),Standard heading fields for audit journal entries QJORDJE4 Record Format (*TYPE4),
and Standard heading fields for audit journal entries QJORDJE2 Record Format (*TYPE2) for field listing. |
156 |
224 |
610 |
Violation Type1 |
Char(1) |
- A
- Not authorized to object
- B
- Restricted instruction
- C
- Validation failure (see J5 offset 639)
- D
- Use of unsupported interface, object domain failure
- E
- Hardware storage protection error, program constant space violation
- F
- ICAPI authorization error
- G
- ICAPI authentication error
- H
- Scan exit program action (see J5 offset 639)
- I7
- System Java™ inheritance not allowed
- J
- Submit job profile error
- K
- Special authority violation
- N
- Profile token not a regenerable token
- O
- Optical Object Authority Failure
- P
- Profile swap error
- R
- Hardware protection error
- S
- Default sign-on attempt
- T
- Not authorized to TCP/IP port
- U
- User permission request not valid
- V
- Profile token not valid for generating new profile token
- W
- Profile token not valid for swap
- X
- System violation — see J5 offset 723 for violation codes
- Y
- Not authorized to the current JUID field during a clear JUID operation.
- Z
- Not authorized to the current JUID field during a set JUID operation.
|
157 |
225 |
611 |
Object Name 1,
5, 12, 17 |
Char(10) |
The name of the object. |
167 |
235 |
621 |
Library Name13 |
Char(10) |
The name of the library where the
object is stored or the Licensed Internal Code fix number that failed
to apply.11 |
177 |
245 |
631 |
Object Type14,
17 |
Char(8) |
The type of object. |
185 |
253 |
639 |
Validation Error Action |
Char(1) |
Action taken after validation error
detected, set only if the violation type (J5 offset 610) is C or H.
- A
- The translation of the object was not attempted or it failed.
The QALWOBJRST system value setting allowed the object to be restored.
The user doing the restore did not have *ALLOBJ special authority
and the system security level is set to 10, 20, or 30. Therefore,
all authorities to the object were retained.
- B
- The translation of the object was not attempted or it failed.
The QALWOBJRST system value setting allowed the object to be restored.
The user doing the restore did not have *ALLOBJ special authority
and the system security level is set to 40 or above. Therefore, all
authorities to the object were revoked.
- C
- The translation of the object was successful. The translated copy
was restored on the system.
- D
- The translation of the object was not attempted or it failed.
The QALWOBJRST system value setting allowed the object to be restored.
The user doing the restore had *ALLOBJ special authority. Therefore,
all authorities to the object were retained.
- E
- System install time error detected.
- F
- The object was not restored because the signature is not IBM i format.
- G
- Unsigned system or inherit state object found when checking system.
- H
- Unsigned user state object found when checking system.
- I
- Mismatch between object and its signature found when checking
system.
- J
- IBM certificate not found when checking system.
- K
- Invalid signature format found when checking system.
- M
- Scan exit program modified the object that was scanned
- X
- Scan exit program wanted object marked as having a scan failure
|
186 |
254 |
640 |
Job Name |
Char(10) |
The name of the job. |
196 |
264 |
650 |
User Name |
Char(10) |
The job user name. |
206 |
274 |
660 |
Job Number |
Zoned(6,0) |
The job number. |
212 |
280 |
666 |
Program Name |
Char(10) |
The name of the program. |
222 |
290 |
676 |
Program Library |
Char(10) |
The name of the library where the
program is found. |
232 |
300 |
686 |
User Profile 2 |
Char(10) |
The name of the user that caused
the authority failure. |
242 |
310 |
696 |
Workstation Name |
Char(10) |
The name of the workstation or workstation
type. |
252 |
320 |
706 |
Program Instruction Number |
Zoned(7,0) |
The instruction number of the program. |
259 |
327 |
713 |
Field name |
Char(10) |
The name of the field. |
269 |
337 |
723 |
Operation Violation Code |
Char(3) |
The type of operation violation that
occurred, set only if the violation type (J5 offset 610) is X.
- AAC
- Not authorized to use SST Advanced Analysis Command.
- HCA
- Service tool user profile not authorized to perform hardware configuration
operation (QYHCHCOP).
- LIC
- LIC indicates that a Licensed Internal Code fix was not applied
because of a signature violation.
- SFA
- Not authorized to activate the environment attribute for system
file access.
- CMD
- An attempt was made to use a command that has been disabled by
a system administrator.
|
272 |
340 |
726 |
Office User |
Char(10) |
The name of the office user. |
282 |
350 |
736 |
DLO Name |
Char(12) |
The name of the document library
object. |
294 |
362 |
748 |
(Reserved Area) |
Char(8) |
|
302 |
370 |
756 |
Folder Path15, 16 |
Char(63) |
The path of the folder. |
365 |
433 |
819 |
Office on Behalf of User |
Char(10) |
User working on behalf of another
user. |
375 |
|
|
(Reserved Area) |
Char(20) |
|
|
443 |
829 |
(Reserved Area) |
Char(18) |
|
|
461 |
847 |
Object Name Length3 |
Binary(4) |
The length of the object name. |
395 |
463 |
849 |
Object Name CCSID3 |
Binary(5) |
The coded character set identifier
for the object name. |
399 |
467 |
853 |
Object Name Country or Region ID3 |
Char(2) |
The Country or Region ID for the
object name. |
401 |
469 |
855 |
Object Name Language ID3 |
Char(3) |
The language ID for the object name. |
404 |
472 |
858 |
(Reserved area) |
Char(3) |
|
407 |
475 |
861 |
Parent File ID3,4 |
Char(16) |
The file ID of the parent directory. |
423 |
491 |
877 |
Object File ID3,4 |
Char(16) |
The file ID of the object. |
439 |
507 |
893 |
Object Name3,6 |
Char(512) |
The name of the object. |
|
1019 |
1405 |
Object File ID3 |
Char(16) |
The file ID of the object. |
|
1035 |
1421 |
ASP Name10 |
Char(10) |
The name of the ASP device. |
|
1045 |
1431 |
ASP Number10 |
Char(5) |
The number of the ASP device. |
|
1050 |
1436 |
Path Name CCSID3 |
Binary(5) |
The coded character set identifier for the path
name. |
|
1054 |
1440 |
Path Name Country or Region ID3 |
Char(2) |
The Country or Region ID for
the path name.
|
|
1056 |
1442 |
Path Name Language ID3 |
Char(3) |
The language ID for the path
name.
|
|
1059 |
1445 |
Path Name Length3 |
Binary(4) |
The length of the path name.
|
|
1061 |
1447 |
Path Name Indicator3 |
Char(1) |
Path name indicator:
- Y
- The Path Name field contains complete absolute path name for
the object.
- N
- The Path Name field does not contain an absolute path name for
the object, instead it contains a relative path name. The Relative
Directory File ID field is valid and can be used to form an absolute
path name with this relative path name.
|
|
1062 |
1448 |
Relative Directory File ID3, 8 |
Char(16) |
When the Path Name Indicator field is N, this
field contains the file ID of the directory that contains the object
identified in the Path Name field. Otherwise it contains hex zeros.8 |
|
1078 |
1464 |
Path Name3, 9 |
Char(5002) |
The path name of the object. |
|
|
6466 |
ASP Program Library Name |
Char(10) |
ASP name for program library |
|
|
6476 |
ASP Program Library Number |
Char(5) |
ASP number for program library |
- 1
- When the violation type is for description G, the object name
contains the name of the *SRVPGM that contained the exit that detected
the error. For more information about the violation types, see Security auditing journal entries.
- 2
- This field contains the name of the user that caused the entry.
QSYS might be the user for the following entries:
- offsets 41 and 118 for *TYPE2 records
- offsets 55 and 132 for *TYPE4 records
- offsets 65 and 187 for *TYPE5 records
- 3
- These fields are used only for objects in the "root"
(/), QOpenSys, and user-defined file systems.
- 4
- An ID that has the left-most bit set and the rest of the bits
zero indicates that the ID is NOT set.
- 5
- When the violation type is T, the object name contains the TCP/IP
port the user is not authorized to use. The value is left justified
and blank filled. The object library and object type fields will be
blank.
|
- 6
- When the violation type is O, the optical object name is contained
in the integrated file system object name field. The Country or Region
ID, language ID, parent file ID, and object file ID fields will all
contain blanks.
- 7
- The Java class object being created
can not extend its base class because the base class has system Java attributes.
- 8
- If the Path Name Indicator field is N, but the Relative Directory
File ID is hex zeros, then there was some error in determining the
path name information.
- 9
- This is a variable length field. The first two bytes contain the
length of the path name.
- 10
- If the object is in a library, this is the ASP information of
the object's library. If the object is not in a library, this is the
ASP information of the object.
|
- 11
- When the violation type is X and the Operation Violation code
value is LIC, this indicates that a Licensed Internal Code fix was
not applied because of a signature violation. This field will contain
the Licensed Internal Code fix number that failed to apply.
- 12
- When the violation type is K, the object name contains the name
of the command or program that detected the error. If the command
has several alternative names, the command name in the audit record
might not match the specific command name used but will be one of
the equivalent alternatives. A special value of *INSTR indicates that
a machine instruction detected the error.
- 13
- When the violation type is K, the library name contains the name
of the program's library or *N for the command's library that detected
the error.
- 14
- When the violation type is K, the object type contains the object
type of the command or program that detected the error.
- 15
- When the violation type is K, the Folder Path might contain the
full API name of the API or exit point name that detected the error.
|
- 16
- When the violation type is X and the Operation Violation Code
is AAC, the Folder Path will contain the 30 character Advanced Analysis
Command name.
- 17
- When the object type is *LIC and the object library is *N, the
object name is a Licensed Internal Code Ru name.
|