See who's browsing secret file records

How can I record users' activity when they browse the records of a file?

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT iSeries i5/OS and OS/400 Will overloaded discs impact iSeries performance? Error CWBCO1049 on AS/400 Recovering from DST QSECOFR password disablement on V5R4 Enrolling a user profile in the i5/OS system distribution directory How to resolve a CPI93B8 error message: LIC problem data has been logged for #MSTRTNS Checking if a local port is used by another job on AS/400 Restricting specific user command line access Print private authorities (PRTPVTAUT) command for user objects in a library with *public exclude Getting modules to adopt authorities from the main program Copying a physical file back to a spool file

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

First of all, I believe it would make more sense to secure sensitive data so
it can't be viewed by unauthorized users. However, if you don't want to protect
your data from unauthorized use, you can have the system log who is using it.

Read Access journal entries can be generated and deposited in the
Security Audit Journal (QAUDJRN).

First you will need to turn on Security Auditing.

Read the IBM document on how to do this.

Once Security Auditing has been turned on you are ready to select objects
you want to log access for.

For example, to audit all access to a file named KENNETH/ALLGRPP, I need
to tell the system to record security events for this object.

The CHGOBJAUD command is used to do this.

CHGOBJAUD OBJ(KENNETH/ALLGRPP) OBJTYPE(*FILE) OBJAUD(*ALL)
tells the system to generate Security Audit Journal Entries for any access to this
object.

Now, let's say I use RUNQRY to read this file:

RUNQRY QRY(*NONE) QRYFILE((KENNETH/ALLGRPP))

Since auditing has been turned for this file, the system records this access
event as a journal entry in the QAUDJRN. I can review these Security Journal Audit
Entries. This is a command that will help you do this:

DSPAUDJRNE ENTTYP(ZC) FROMTIME(073107 131220)

The output from this command shows who read file KENNETH/ALLGRPP and
when they did:

                                         
                                         QUERY NAME . . . . . QSECZR                                    
                                         LIBRARY NAME . . . . QSYS                                      
                                         FILE         LIBRARY      MEMBER       FORMAT                  
                                         QASYZRJ4     QTEMP        QASYZRJ4     QASYZRJ4                
                                         DATE . . . . . . . . 07/31/07                                  
                                         TIME . . . . . . . . 13:28:48                                  
07/31/07  13:28:48                                                                         PAGE    1 

   
   User       Object     Library    Object   Job        Job        Job    Timestamp                     
   profile    name       name       type     name       user       number  

                             
ZR KEG        ALLGRPP    KENNETH    *FILE    KENNETH    KEG        000668 2007-07-31-13.22.09.954928

Good luck!