myITforum and Windows IT Pro Forums
Forum Themes:
Welcome !

 QAUDJRN entries for SBMJOB

Author Message

  • Total Posts : 2
  • Scores: 0
  • Reward points : 540
  • Joined: 7/23/2017
  • Status: offline
QAUDJRN entries for SBMJOB Sunday, July 23, 2017 11:52 PM (permalink)
I have set OBJAUD to *ALL on the following object types associated with a SBMJOB:
*PGM (being called in CMD() of SBMJOB)
and also USRAUD to *ALL for both profiles: PGMRA and ALLOBJUSR
Then doing:
I get the following QAUDJRN entries:
but nothing for
System value QAUDCTL includes *OBJAUD
Objective: I'm wanting to trap when PGMRA submits a job to run under ALLOBJUSR, but there are no ZR or ZC entries.
I have added *JOBDTA to QAUDLVL, and this does give me an entry I can use, but it also adds a LOT of other fluff that I really don't want.
Am I being unrealistic to expect a V7R2 system to at least "read" a *USRPRF when a job is being submitted?
PS: The SBMJOB test was done after signing on following CHGUSRAUD for PGMRA
<message edited by rclark4i on Monday, July 24, 2017 12:11 AM>

    • Total Posts : 24
    • Scores: 2
    • Reward points : 46610
    • Joined: 11/19/2015
    • Status: offline
    Re:QAUDJRN entries for SBMJOB Monday, July 24, 2017 7:09 PM (permalink)
    You should check the security reference manual.  I'm not on v7r2 but one of the appendices is "Object operations and auditing".
    For *JOBDs, it mentions under operations not audited:
    "Batch job
    When used to establish a job"
    Although the *USRPRF object isn't mentioned in regards to submitting batch jobs, I would suspect it won't be audited given most of the RTV* type commands aren't audited.
    I'm not sure what you mean by "and also USRAUD to *ALL for both profiles: PGMRA and ALLOBJUSR" but I suspect it's issuing the CHGUSRAUD against the profiles and setting object auditing to *ALL.  That doesn't cause the profiles to be audited, it means that if auditing on an object is set to *USRPRF, it will check the auditing value in the user profile to determine if the action should be audited or not.
    I haven't tested this but I wonder if setting command auditing for the profiles may be better?  If you issue CHGUSRAUD AUDLVL(*CMD) that will audit commands issued by the user.  It might be more useful?

      • Total Posts : 2
      • Scores: 0
      • Reward points : 540
      • Joined: 7/23/2017
      • Status: offline
      Re:QAUDJRN entries for SBMJOB Wednesday, July 26, 2017 9:59 PM (permalink)
      Jsev, thanks for this.
      "Object operations and auditing" - I have looked at that section, but hasn't really helped me. (but good for future ref)
      "*USRPRF object isn't mentioned in regards to submitting batch jobs" - No, but nor was a *JOBQ, but I am getting ZC entries for that. I was expecting that somewhere the *USRPRF would be "read" at the start of a job. Apparently not logged.
      "That doesn't cause the profiles to be audited" - understand and agree. Sorry I was a little too abbreviated. I meant I had both CHGUSRAUD to *ALL, and also CHGOBJAUD to *ALL for both *USRPRF objects. (leave no stone unturned)
      "command auditing for the profiles" - That's going to create a lot of extra QAUDJRN entries that I really don't want, but thanks for the suggestion.
      I'm thinking my best option is to put an "exit point" on the SBMJOB  *CMD via
      ADDEXITPGM EXITPNT(QIBM_QCA_CHG_COMMAND) FORMAT(CHGC0100) PGMNBR(1) PGM(MYLIB/MYPGM) PGMDTA(*JOB 10 SBMJOB)  (or similar) and check there to see if the job is being submitted to run under a different USRPRF.
      Will also look at the Job Notification QIBM_QWT_JOBNOTIFY exit point as well to see what that gives. (Though I suspect this will give a lot more invocations as it will include interactive and other jobs as well)
      I've also just discovered that if you
      Then instead of a ZR entry in QAUDJRN, you get a CD which includes the command string executed. This is just as useful as the ADDEXITPGM option.
      <message edited by rclark4i on Thursday, July 27, 2017 1:51 AM>
        Online Bookmarks Sharing: Share/Bookmark

        Jump to:

        Current active users

        There are 0 members and 2 guests.

        Icon Legend and Permission

        • New Messages
        • No New Messages
        • Hot Topic w/ New Messages
        • Hot Topic w/o New Messages
        • Locked w/ New Messages
        • Locked w/o New Messages
        • Read Message
        • Post New Thread
        • Reply to message
        • Post New Poll
        • Submit Vote
        • Post reward post
        • Delete my own posts
        • Delete my own threads
        • Rate post

        2000-2017 ASPPlayground.NET Forum Version 3.9