+

Search Tips   |   Advanced Search

Use SMF type 80 - preparing for audit support

SMF type 80 requires some preparation in order to be fully utilized in a WebSphere environment.

As WebSphere Application Server becomes more capable of authentication and setting or changing the identity on a thread, so arises the need for the ability to audit these changes. Along with this also comes the need to audit the accompanying authorization requests made through EJBRoles checking, intending to produce audit records that include the original authenticated identity. This auditing in WebSphere Application Server is managed not through WebSphere Application Server itself, but through its External Security Manager (RACF or equivalent), where the SMF records are cut.

To take advantage of auditing in WebSphere Application Server, we need to set up SMF and RACF and have both running.

  1. Set up SMF for audit support. For information on setting up and starting SMF, see z/OS MVS™ System Management Facilities (SMF), SA22-7630

  2. Enable auditing for the EJB Roles by setting the RACF AUDIT attribute. This will set up RACF for auditing in WebSphere Application Server. We can turn on auditing for the ADMIN and PAYROLL classes with the following command:

      RALTER EJBROLE (ADMIN,PAYROLL) AUDIT(ALL)

    • Alternately, you could modify the RACFROLE job to put the AUDIT information there.

    • For more information and additional parameters for the AUDIT attribute, see the z/OS Security Server RACF Auditor's Guide.


Subtopics


Related information:

MVS System Management Facilities (SMF)

z/OS Security Server RACF Auditor's Guide