Question & Answer
Question
When using CKGRACF to update a profile, the Command Audit Trail that is maintained by zSecure Command Verifier does not always get updated. Why is this?
Cause
As an example, when using RACF commands to set the protected attribute for a userid:
alu xxxxxxx nopassword nooidcard nophrase)
and to remove it again by setting a new password:
alu xxxxxxx password(yyyyyyy)
the Command Audit Trail for the affected user profile is updated.
However, when using CKGRACF to set:
user xxxxxxx pwset protected
or remove
user xxxxxxx pwset noprotected
the protected attribute, it does not cause the Command Audit Trail to be updated.
Answer
Some CKGRACF functions do not use real RACF commands and the Command Audit Trail only applies to RACF commands. Therefore maintaining the CAT is bypassed.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21967409