IBM Support

Auditing Changes to Function Usage Operations

Question & Answer


Question

How do you create a report that keeps track of changes to Function Usage Operations?

Answer

The Security Audit Journal can be used to track changes to Function Usage operations.  The following document creates a report of Registered, Reregistered, Deregistered Changes and Usage Failures. 
 
The AUDIT_JOURNAL_GR table function returns rows from the audit journal that contain information from the GR (Generic Record) journal entries.
 

Authorization: No authorization needed.

Note: The AUDIT_JOURNAL_GR table function is available on IBM i 7.5 base, IBM i 7.4 at SF99704 Level 15 and IBM i 7.3 at SF99703 Level 26.  For older releases, use Method 2.

Before you start, verify that the QAUDJRN journal exists and that you have *SECCFG or *SECURITY on your QAUDLVL system value. 

Use the DSPSECAUD command and make sure the following settings are configured on your system:
  
  Security journal QAUDJRN exists . . . . . :  YES    
Current QAUDCTL system value  . . . . . . : *AUDLVL 
Current QAUDLVL system value  . . . . . . : *SECCFG
 
NOTE: The value *SECURITY also tracks the changes to Function Usage Operations. 
 
If not there, use the CHGSECAUD command to add them to your system.  Keep in mind that the auditing values need to be active on your system before the report can be generated. 


NOTE:  To track changes for the Default authority (DEFAULT) and *ALLOBJ special authority(ALLOBJAUT) parameters it is recommended that you audit the command CHGFCNUSG for use operations.  For information on how to audit Use operations for a command, refer to the link:


To get a report of Function Usage Operations, follow the steps:
 
Method 1: Using the AUDIT_JOURNAL_GR table function.
 
1) Open the ACS Run SQL Scripts tool 
2) Run the following SQL:

SELECT ENTRY_TIMESTAMP,
       JOB_NAME,
       JOB_USER,
       JOB_NUMBER,
       ENTRY_TYPE,
       ENTRY_TYPE_DETAIL,
       FUNCTION_NAME,
       FUNCTION_REGISTRATION_OPERATION,
       USER_PROFILE_NAME,
       USAGE_SETTING,
       PREVIOUS_USAGE,
       FUNCTION_ALLOBJ,
       PREVIOUS_ALLOBJ
    FROM TABLE (
            SYSTOOLS.AUDIT_JOURNAL_GR(STARTING_TIMESTAMP => CURRENT DATE - 7 DAYS)
        )
    WHERE entry_type = 'F'
          AND FUNCTION_REGISTRATION_OPERATION IN ('CHANGE USAGE', 'DEREGISTER', 'REGISTER', 'REREGISTER', 'USAGE FAILURE')

image-20220914085037-1

Note 1: Modify the number of days for the report. 
Note 2: If Hexadecimal data is displayed on the report, you need to change the JDBC connection properties to translate the CCSID to 65535. On the Run SQL tool, select the Connection Menu > Connected > Edit JDBC Connection > Translation and click on Translate CCSID 65535. Save the connection and reconnect to run the SQL.
 
Method 2: Using the command CPYAUDJRNE.
 
1) Use the CPYAUDJRNE command to extract the data from the Audit Journal and create a file:

CPYAUDJRNE ENTTYP(GR) JRNRCV(*CURCHAIN) FROMTIME(091422 070000) TOTIME(091422 110000)
Note 1: Modify the date and time on the CPYAUDJRNE command. 
Note 2: The command creates a file QAUDITGR in library QTEMP

2) Use the STRSQL to get to the SQL command line and run:

SELECT *
    FROM qtemp/qauditgr
    WHERE GRTYPE = 'F'

image-20220914090448-2

More information on the AUDIT_JOURNAL_GR table function: AUDIT_JOURNAL_GR


[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CHyAAM","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0;7.2.0;7.3.0;7.4.0;7.5.0"}]

Document Information

More support for:
IBM i

Component:
Security

Software version:
7.1.0, 7.2.0, 7.3.0, 7.4.0, 7.5.0

Operating system(s):
IBM i

Document number:
6620333

Modified date:
22 April 2025

UID

ibm16620333

Manage My Notification Subscriptions

Page Feedback