See who's browsing secret file records
Expert Ken Graap explains to a reader how he can monitor users who view top secret information using the AS/400 RUNQRY command.
information they are not allowed to display or print.
I looked in our system journals (QAUDJRN) and did not find any information!
How can I record users' activity when they browse the records of a file?
it can't be viewed by unauthorized users. However, if you don't want to protect
your data from unauthorized use, you can have the system log who is using it.
Read Access journal entries can be generated and deposited in the
Security Audit Journal (QAUDJRN).
First you will need to turn on Security Auditing.
Read the IBM document on how to do this.
Once Security Auditing has been turned on you are ready to select objects
you want to log access for.
For example, to audit all access to a file named KENNETH/ALLGRPP, I need
to tell the system to record security events for this object.
The CHGOBJAUD command is used to do this.
CHGOBJAUD OBJ(KENNETH/ALLGRPP) OBJTYPE(*FILE) OBJAUD(*ALL)
tells the system to generate Security Audit Journal Entries for any access to this
object.
Now, let's say I use RUNQRY to read this file:
RUNQRY QRY(*NONE) QRYFILE((KENNETH/ALLGRPP))
Since auditing has been turned on for this file, the system records this access
event as a journal entry in the QAUDJRN. I can review these Security Audit Journal
entries. This is a command that will help you do this:
DSPAUDJRNE ENTTYP(ZR) FROMTIME(073107 131220)
The output from this command shows who read file KENNETH/ALLGRPP and
when they did:
QUERY NAME . . . . . QSECZR
LIBRARY NAME . . . . QSYS
FILE        LIBRARY     MEMBER      FORMAT
QASYZRJ4    QTEMP       QASYZRJ4    QASYZRJ4
DATE . . . . . . . . 07/31/07
TIME . . . . . . . . 13:28:48
07/31/07  13:28:48                                          PAGE 1
      User      Object    Library   Object  Job       Job    Job     Timestamp
      profile   name      name      type    name      user   number
ZR    KEG       ALLGRPP   KENNETH   *FILE   KENNETH   KEG    000668  2007-07-31-13.22.09.954928
Good luck!
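For reviewing more than a handful of entries, the report rows can be parsed and checked against the profiles expected to read the file. This is an added example, not part of the original answer; it assumes the whitespace-separated row layout shown in the report above, and the function names, the extra sample rows and the allowed set are hypothetical.

```python
from datetime import datetime
from typing import NamedTuple

class ReadEvent(NamedTuple):
    user: str
    obj: str
    library: str
    obj_type: str
    job: str        # qualified job: number/user/name
    when: datetime

# Constructed sample. The first ZR row is the one from the report above;
# the TEMP01 and OTHERF rows are invented for illustration.
SAMPLE_REPORT = """\
07/31/07 13:28:48 PAGE 1
User Object Library Object Job Job Job Timestamp
profile name name type name user number
ZR KEG ALLGRPP KENNETH *FILE KENNETH KEG 000668 2007-07-31-13.22.09.954928
ZR TEMP01 ALLGRPP KENNETH *FILE QPADEV0004 TEMP01 000702 2007-07-31-13.25.41.100233
ZR KEG OTHERF KENNETH *FILE KENNETH KEG 000668 2007-07-31-13.26.02.000001
"""

def parse_zr_rows(report: str) -> list[ReadEvent]:
    """Extract ZR (read access) rows; headers and other lines are skipped."""
    events = []
    for line in report.splitlines():
        f = line.split()
        if len(f) != 9 or f[0] != "ZR":
            continue
        try:
            when = datetime.strptime(f[8], "%Y-%m-%d-%H.%M.%S.%f")
        except ValueError:
            continue  # nine fields but no valid timestamp: not a data row
        events.append(ReadEvent(f[1], f[2], f[3], f[4],
                                f"{f[7]}/{f[6]}/{f[5]}", when))
    return events

def unexpected_readers(events, library, obj, allowed):
    """Reads of library/obj by user profiles outside the allowed set."""
    return [e for e in events
            if (e.library, e.obj) == (library, obj) and e.user not in allowed]

if __name__ == "__main__":
    hits = unexpected_readers(parse_zr_rows(SAMPLE_REPORT),
                              "KENNETH", "ALLGRPP", allowed={"KEG"})
    for e in hits:
        print(f"{e.when:%Y-%m-%d %H:%M:%S} {e.user} read "
              f"{e.library}/{e.obj} from job {e.job}")
```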