I would like to know if a specific user is using the CLRPFM file on two specific files. I can't restrict the user from the CLRPFM command. I have system auditing running and have done CHGUSRAUD AUDLVL(*objmgt)for that user but it isn't logging the CLRPFM. What am I missing or can this be done?
You might try auditing the use of the CLRPFM command. To do that, use the CHGOBJAUD command, specify to audit based on a user profile basis. Then, for the user you are suspecting uses the CLRPFM command, use the CHGUSRAUD command to change the OBJAUD parameter to audit *ALL accesses.
You can also use the CHGOBJAUD to audit the use of the specific file. Another alternative is to use the CHGUSRAUD command to audit the commands the user is entering. To do that, specify *CMD for the AUDLVL parameter. Note, this will log ALL commands that user enters, not just the CLRPFM command.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Dig Deeper on iSeries physical security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ... Continue Reading