Use the RESAUDIT system parameter to control the production of RESLEVEL audit records.
RACF GENERAL audit records are produced.
Produce RESLEVEL audit records by setting the RESAUDIT system parameter to YES. If the RESAUDIT
parameter is set to NO, audit records are not produced. For more details about setting this
parameter, see Use CSQ6SYSP.
If RESAUDIT is set to YES, no normal RACF audit
records are taken when the RESLEVEL check is made to see what access an address space user ID has to
the hlq.RESLEVEL profile. Instead, IBM MQ requests that
RACF create a GENERAL audit record (event number
27). These checks are only carried out at connect time, so the performance cost is minimal.
We can report the IBM MQ general audit records using
the RACF report writer (RACFRW). You could use the
following RACFRW commands to report the RESLEVEL access:
RACFRW
SELECT PROCESS
EVENT GENERAL
LIST
END
A sample report from RACFRW, excluding the Date,
Time, and
SYSID fields, is shown in Figure 1.Figure 1. Sample output from RACFRW showing RESLEVEL general audit records
RACF REPORT - LISTING OF PROCESS RECORDS PAGE 4
E
V Q
E U
*JOB/USER *STEP/ --TERMINAL-- N A
NAME GROUP ID LVL T L
WS21B MQMGRP IGJZM000 0 27 0 JOBID=(WS21B 05.111 09:44:57),USERDATA=()
TRUSTED USER AUTH=(NONE),REASON=(NONE)
SESSION=TSOLOGON,TERMINAL=IGJZM000,
LOGSTR='CSQH RESLEVEL CHECK PERFORMED AGAINST PROFILE(QM66.RESLEVEL),
CLASS(MQADMIN), ACCESS EQUATES TO (CONTROL)',RESULT=SUCCESS,MQADMIN
From checking the LOGSTR data in this sample output, we can see that TSO user WS21B has CONTROL
access to QM66.RESLEVEL. This means that all resource security checks are bypassed when user WS21B
access QM66 resources.
See the z/OS Security Server RACF Auditor's Guide.