The TSSAUDIT batch utility allows an auditor to monitor changes to the CA Top Secret security file and monitor other sensitive MVS data. The type of security information depends on the control statements that you specify.
For example, you can use TSSAUDIT to perform the following tasks:
- List security information about modules in Authorized Program Facility (APF) libraries.
- List all changes to ACIDs or list changes during a range of dates or times.
- List MVS information about site-written Supervisor Calls (SVCs), the Program Properties Table (PPT), and Terminal Monitor Program (TMP) authorized program lists.
- List security file information about one or more ACIDs (including attributes and privileges).
How to Monitor Security File Changes and Other Sensitive Data
To use TSSAUDIT to monitor security file changes and monitor other sensitive data:
- Ensure that you have authority to use TSSAUDIT.
- Assemble JCL for the TSSAUDIT job. JCL includes the following components:
  - DD statements
  - Control statements
- Submit the JCL to execute TSSAUDIT. TSSAUDIT provides output based on your specifications.
The following authorities are required for TSSAUDIT control statements:
- APF: Requires ACID(REPORT) and RESOURCE(REPORT) authority and must be executed by an SCA type ACID.
- CHANGES: Requires ACID(REPORT) and RESOURCE(REPORT) authority.
- MVS: Requires ACID(REPORT) and RESOURCE(REPORT) authority and must be executed by an SCA type ACID.
- PRIVILEGES: Requires ACID(REPORT,AUDIT) and RESOURCE(REPORT) authorities.
A user with none of the above administrative authorities may use TSSAUDIT if given USE access to entity TSSUTILITY.TSSAUDIT in the CASECAUT resource class. This access is granted by an administrator using the following command:
TSS PERMIT(user) CASECAUT(TSSUTILITY.TSSAUDIT) ACCESS(USE)