CHGUSRAUD (Change User Audit)

CHGUSRAUD Command syntax diagram

 

Purpose

The CHGUSRAUD (Change User Audit) command allows a user with *AUDIT special authority to set up or change auditing for a user. The system value QAUDCTL controls turning auditing on and off. The auditing attributes of a user profile can be displayed with the Display User Profile (DSPUSRPRF) command.

Note:

The changes made by CHGUSRAUD take effect the next time a job is started for this user.

 

Required Parameters

USRPRF

Specifies the name of the user profile whose auditing values are changed.

 

Optional Parameters

OBJAUD

Specifies the object auditing value for the user. This value only takes effect if the object auditing (OBJAUD) value for the object being accessed has the value *USRPRF.

*SAME: The value does not change.

*NONE: The auditing value for the object determines when auditing is performed.

*CHANGE: All change accesses by this user on all objects with the *USRPRF audit value are logged.

*ALL: All change and read accesses by this user on all objects with the *USRPRF audit value are logged.

AUDLVL

Specifies the level of activity that is audited for this user profile.

Note:

The system value QAUDLVL is used in conjunction with this parameter. Example: If QAUDLVL is set to *DELETE and AUDLVL is set to *CREATE, then both *DELETE and *CREATE would be audited for this user. The default value for the QAUDLVL system value is *NONE.

*SAME: The value does not change.

*NONE: No auditing level is specified. The auditing level for this user is taken from system value QAUDLVL.

*CMD: CL command strings, System/36 environment operator control commands, and System/36 environment procedures are logged for this user.

*CREATE: Auditing entries are sent when objects are created by this user.

*DELETE: Auditing entries are sent when objects are deleted by this user.

*JOBDTA: All job start and stop data is audited for this user.

*OBJMGT: Object management changes made by this user, such as move or rename, are audited.

*OFCSRV: Office services changes made by this user, such as changes to the system directory and use of OfficeVision mail, are audited.

*OPTICAL: Optical actions performed by this user are audited.

*PGMADP: Authority obtained through program adoption is audited for this user.

*SAVRST: Save and restore actions performed by this user are audited.

*SECURITY: Security changes made by this user are audited.

*SERVICE: Use of the system service tools by this user is audited.

*SPLFDTA: Spool files operations made by this user are audited.

*SYSMGT: Use of system management functions by this user is audited.

Example for CHGUSRAUD

CHGUSRAUD  USRPRF(FRED)  OBJAUD(*CHANGE)
  AUDLVL(*CREATE *DELETE)

This command changes the auditing value in the user profile of the user FRED. All objects whose object auditing value is *USRPRF are audited when they are changed by user FRED. All objects that are created and all objects that are deleted will be audited for user FRED. Auditing records are sent to the auditing journal QAUDJRN in QSYS.

Error messages for CHGUSRAUD

*ESCAPE Messages

CPF22B0

Not authorized to change the auditing value.

CPF22CC

Auditing value not changed for some user profiles.

CPF22FF

System user profile cannot be changed.