Change User Auditing (CHGUSRAUD)

The CHGUSRAUD (Change User Audit) command allows a user with audit (*AUDIT) special authority to set up or change auditing for a user. The system value QAUDCTL controls turning auditing on and off. The auditing attributes of a user profile can be displayed with the Display User Profile (DSPUSRPRF) command.

Note: The changes made by CHGUSRAUD take effect the next time a job is started for this user.

Keyword	Description	Choices	Notes
USRPRF	User profile	Values (up to 50 repetitions): Simple name	Required, Positional 1
OBJAUD	Object auditing value	SAME, NONE, CHANGE, ALL	Optional, Positional 2
AUDLVL	User action auditing	Single values: SAME, NONE Other values (up to 13 repetitions): CMD, CREATE, DELETE, JOBDTA, OBJMGT, OFCSRV, OPTICAL, PGMADP, SAVRST, SECURITY, SERVICE, SPLFDTA, *SYSMGT	Optional, Positional 3

Object auditing value (OBJAUD)

Specifies the object auditing value for the user. This value only takes effect if the object auditing (OBJAUD) value for the object to be accessed has the value *USRPRF.

*SAME: The value does not change.
*NONE: The auditing value for the object determines when auditing is performed.
*CHANGE: All change accesses by this user on all objects with the *USRPRF audit value are logged.
*ALL: All change and read accesses by this user on all objects with the *USRPRF audit value are logged.

User action auditing (AUDLVL)

Specifies the level of activity that is audited for this user profile.

Note: The system values QAUDLVL and QAUDLVL2 are used in conjunction with this parameter. For example, if QAUDLVL is set to *DELETE and AUDLVL is set to *CREATE, then both *DELETE and *CREATE would be audited for this user. The default value for the QAUDLVL and QAUDLVL2 system values is *NONE.

Single values

*SAME: The value does not change.
*NONE: No auditing level is specified. The auditing level for this user is taken from system values QAUDLVL and QAUDLVL2.

Other values (up to 13 repetitions)

*CMD

CL command strings, System/36 environment operator control commands, and System/36 environment procedures are logged for this user.

*CREATE

Auditing entries are sent when objects are created by this user.

*DELETE

Auditing entries are sent when objects are deleted by this user.

*JOBDTA

The following actions taken by this user that affect a job are audited:

Job start and stop data
Hold, release, stop, continue, change, disconnect, end, end abnormal
Program start request (PSR) is attached to a prestart job

*OBJMGT

Object management changes made by this user, such as move or rename, are audited.

*OFCSRV

Office services changes made by this user, such as changes to the system directory and use of OfficeVision mail, are audited.

*OPTICAL

The following optical functions are audited:

Add or remove optical cartridge
Change the authorization list used to secure an optical volume
Open optical file or directory
Create or delete optical directory
Change or retrieve optical directory attributes
Copy, move, or rename optical file
Copy optical directory
Back up optical volume
Initialize or rename optical volume
Convert backup optical volume to a primary volume
Save or release held optical file
Absolute read of an optical volume

*PGMADP

Authority obtained through program adoption is audited for this user.

*SAVRST

Save and restore actions performed by this user are audited.

*SECURITY

Security changes made by this user are audited.

*SERVICE

Use of the system service tools by this user is audited.

*SPLFDTA

Spooled file operations made by this user are audited.

*SYSMGT

Use of system management functions by this user is audited.

Examples

CHGUSRAUD   USRPRF(FRED)  OBJAUD(*CHANGE)
            AUDLVL(*CREATE *DELETE)

This command changes the auditing value in the user profile of the user FRED. All objects whose object auditing value is *USRPRF are audited when they are changed by user FRED. All objects that are created and all objects that are deleted will be audited for user FRED. Auditing records are sent to the auditing journal QAUDJRN in QSYS.