Re: Special authority use ... Auditing

Patrick, would audit entry type AF capture this instance (the failure to have 
special authority)?  
Thanks
 
  
 
-----Original Message-----
From: Patrick Botz <botz@xxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Sent: Fri, 24 Mar 2006 18:51:29 -0600
Subject: RE: Special authority use ... Auditing


Yeah! And it would be even more fun listening to the complaints about all
of the disk space used by the audit journal :-). But since that's not my
job anymore I wouldn't really have to worry about it!

One other thought. Starting in V5R4 I believe, we audit for instances where
a special authority was required but the requestor didn't have it (failure
to have special authority).  You could take away special authority from all
user profiles and select the audit entries.  I guarantee this will help you
find everyone who needs special authority for any reason :-)

Patrick Botz
Senior Technical Staff Member
Rochester CTC, eServer Security Architecture & Consulting
iSeries Security Architect
(507) 253-0917, T/L 553-0917
CTC Fax # 507-253-2070
email: botz@xxxxxxxxxx

For more information on CTC, visit our website at
http://www.ibm.com/eserver/services
http://www.ibm.com/servers/eserver/services


midrange-l-bounces@xxxxxxxxxxxx wrote on 03/24/2006 07:51:10 AM:

> Wow Pat.... That's a lot of work <smile> ... Wouldn't it be nice if an
> entry was deposited to the audit journal every time a function or object
> access was allowed because of Special Authority? A new QAUDLVL system
> value option, *SPCAUT... Hmmmmm .... I like it!