(ZOS) Use SMF type 80 - preparing for audit support

SMF type 80 requires some preparation in order to be fully utilized in a WebSphere environment.

As WAS becomes more capable of authentication and setting or changing the identity on a thread, so arises the need for the ability to audit these changes. Along with this also comes the need to audit the accompanying authorization requests made through EJBRoles checking, intending to produce audit records that include the original authenticated identity. This auditing in WAS is managed not through WAS itself, but through its External Security Manager (RACF or equivalent), where the SMF records are cut.

In order to take advantage of auditing in WAS, we need to set up SMF and RACF and have both running.

Tasks

1. Set up SMF for audit support. For information on setting up and starting SMF, see z/OS MVS™ System Management Facilities (SMF), SA22-7630
2. Enable auditing for the EJB Roles by setting the RACF AUDIT attribute. This will set up RACF for auditing in WAS. We can turn on auditing for the ADMIN and PAYROLL classes with the following command:

      RALTER EJBROLE (ADMIN,PAYROLL) AUDIT(ALL) 
   

   • Alternately, we could modify the RACFROLE job to put the AUDIT information there.
   • For more information and additional parameters for the AUDIT attribute, see the z/OS Security Server RACF Auditor's Guide.

Subtopics

• Audit support
  This topic gives an overview of how to use audit support.

MVS System Management Facilities (SMF)

z/OS Security Server RACF Auditor's Guide