Why does the Command Audit Trail not always get updated when using CKGRACF to update a profile?

Question & Answer

Question

When using CKGRACF to update a profile, the Command Audit Trail that is maintained by zSecure Command Verifier does not always get updated. Why is this?

Cause

As an example, when using RACF commands to set the protected attribute for a userid:

alu xxxxxxx nopassword nooidcard nophrase)

and to remove it again by setting a new password:

alu xxxxxxx password(yyyyyyy)

the Command Audit Trail for the affected user profile is updated.

However, when using CKGRACF to set:

user xxxxxxx pwset protected

or remove

user xxxxxxx pwset noprotected

the protected attribute, it does not cause the Command Audit Trail to be updated.

Answer

Some CKGRACF functions do not use real RACF commands and the Command Audit Trail only applies to RACF commands. Therefore maintaining the CAT is bypassed.

[{"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Why does the Command Audit Trail not always get updated when using CKGRACF to update a profile?

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?