You might try auditing the use of the CLRPFM command. To do that, use the CHGOBJAUD command and specify that auditing is done on a user-profile basis. Then, for the user you suspect is using the CLRPFM command, use the CHGUSRAUD command to change the OBJAUD parameter to audit *ALL accesses.
You can also use the CHGOBJAUD command to audit the use of the specific file. Another alternative is to use the CHGUSRAUD command to audit the commands the user is entering. To do that, specify *CMD for the AUDLVL parameter. Note that this logs ALL commands that user enters, not just the CLRPFM command.
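The three options above as CL commands, in an added example that is not part of the original answer. Assumptions: SUSPECT, APPLIB and ORDERS are placeholder names, security auditing is already set up so that the QSYS/QAUDJRN journal exists, and the profile running the commands has *AUDIT special authority.

```cl
/* Added example. SUSPECT, APPLIB and ORDERS are placeholders;       */
/* substitute the real user profile, library and file.               */

/* Prerequisite (assumption, not from the answer): the QAUDCTL       */
/* system value must include *OBJAUD for object auditing and         */
/* *AUDLVL for per-user AUDLVL settings. Check it first.             */
DSPSYSVAL SYSVAL(QAUDCTL)

/* Option 1: audit the CLRPFM command object on a user-profile       */
/* basis, then turn on auditing of *ALL accesses for the suspect.    */
CHGOBJAUD OBJ(QSYS/CLRPFM) OBJTYPE(*CMD) OBJAUD(*USRPRF)
CHGUSRAUD USRPRF(SUSPECT) OBJAUD(*ALL)

/* Option 2: audit the file itself, whoever touches it.              */
/* OBJAUD(*ALL) is this example's choice; the answer names no value. */
CHGOBJAUD OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) OBJAUD(*ALL)

/* Option 3: log every command the suspect enters. This replaces     */
/* any AUDLVL values already set on the profile.                     */
CHGUSRAUD USRPRF(SUSPECT) AUDLVL(*CMD)

/* Review what the audit journal recorded for that profile.          */
DSPJRN JRN(QSYS/QAUDJRN) USRPRF(SUSPECT)
```

Once the question is answered, set OBJAUD and AUDLVL on the profile back to *NONE so the journal receivers stop filling with that user's activity.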
This was first published in June 2003