I would like to know if a specific user is using the CLRPFM file on two specific files. I can't restrict the user from the CLRPFM command. I have system auditing running and have done CHGUSRAUD AUDLVL(*objmgt)for that user but it isn't logging the CLRPFM. What am I missing or can this be done?

You might try auditing the use of the CLRPFM command. To do that, use the CHGOBJAUD command, specify to audit based on a user profile basis. Then, for the user you are suspecting uses the CLRPFM command, use the CHGUSRAUD command to change the OBJAUD parameter to audit *ALL accesses.

You can also use the CHGOBJAUD to audit the use of the specific file. Another alternative is to use the CHGUSRAUD command to audit the commands the user is entering. To do that, specify *CMD for the AUDLVL parameter. Note, this will log ALL commands that user enters, not just the CLRPFM command.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.


This was first published in June 2003

Back to top