How can I prevent the user, who has an UPDDTA authority, from deleting the DFU Audit Log?
The DFU audit log is actually a spooled file. If you can specify which outq the audit log goes to, specify that the spooled file goes to a secured outq. If the user has *JOBCTL special authority, make sure you send the spooled file to an outq that was created with OPRCTL(*NO) so they cannot manipulate the spooled file. If the user has *SPLCTL special authority, you cannot prevent them from deleting the spooled file.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400.com's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Secure your iSeries
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ... Continue Reading