audit-attribute

This stanza entry specifies the name of the access decision information (ADI) attribute to audit.

audit-attribute = azn-attr

The value is the name of the access decision information (ADI) attribute to audit. An attribute can establish accountability by providing information that helps identify potentially inappropriate access to assets. We can grant or deny access based on the rules applied to attributes.

For example, the WebSEAL switch-user authentication feature provides a mechanism to allow certain users to impersonate another user. When switch-user is used, an authorization request is evaluated against an assumed identity rather than the actual identity of the user. It is desirable to allow administrators to capture the user's actual identity.

We can audit the names or descriptions of the ISAM policies (ACL, POP, and authorization rule) applied to the object that is accessed.

Options

azn-attr
The authorization API attribute represents an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set.

Usage

Optional

Default value

There is no default value.

Example

The following example shows the configuration for WebSEAL:
audit-attribute = tagvalue_su-admin
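
The following check is an added example, not part of the product documentation: it reads a configuration file's text and reports which required ADI attributes are not audited in the [aznapi-configuration] stanza. The function names, the sample text, and the `[some-other-stanza]` name are hypothetical, and the parser assumes the usual stanza layout (`[name]` headers, `key = value` lines, `#` comments, and an entry that may be repeated).

```python
import re

STANZA = "aznapi-configuration"   # parent stanza named on this page
ENTRY = "audit-attribute"         # stanza entry documented on this page

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """\
[some-other-stanza]
audit-attribute = misplaced_entry
[aznapi-configuration]
# audit-attribute = commented_out
audit-attribute = TagValue_SU-Admin
"""

def audited_attributes(conf_text):
    """Return the set of ADI attribute names audited in [aznapi-configuration].

    Values are lower-cased because the attribute string is not case-sensitive.
    Entries in other stanzas and commented-out lines are ignored.
    """
    found, stanza = set(), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            stanza = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        if sep and stanza == STANZA and key.strip() == ENTRY and value.strip():
            found.add(value.strip().lower())
    return found

def missing_attributes(conf_text, required):
    """Return the required attribute names that the configuration does not audit."""
    audited = audited_attributes(conf_text)
    return sorted(a.lower() for a in required if a.lower() not in audited)

if __name__ == "__main__":
    # The required list is an assumption: the switch-user attribute from the example above.
    gaps = missing_attributes(SAMPLE_CONF, ["tagvalue_su-admin"])
    print("missing:", gaps or "none")
```

A non-empty result means the entry is absent, commented out, or placed under the wrong stanza, so the attribute would not be audited as intended.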

Parent topic: [aznapi-configuration] stanza