who has created an userid in the system?



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

Re: who has created an userid in the system?

Postby j2422tw » Tue Nov 09, 2010 1:39 pm

In my understand, you can using the RACF SMF data unload utility modules (IRRADU00 and IRRADU86) to extract SMF type 80, 81 and 83.

The output will show who create the userid you want to know.

You can find it by search "ADDUSER" keyword.

Refer "Security Server RACF Macros and Interfaces", section "IRRADU00 record format".
j2422tw
 
Posts: 25
Joined: Wed Sep 19, 2007 9:46 am
Has thanked: 0 time
Been thanked: 0 time

Re: who has created an userid in the system?

Postby jaggz » Tue Nov 09, 2010 3:49 pm

In some shop if we list a user then you get a information who has created that(Probably you should have the right access to list the specific user. If you are a racf administrator, then you might be terminal supervisor for a various mainframe user groups. Then racf administrator hold record like when it was created , who created etc. In acf2, if we decomp the ACF id then you get the history of the ID creation. Auditors can too involve in knowing the trail. In syslog you could trace but it would be tedious to find if it is too old.
User avatar
jaggz
 
Posts: 356
Joined: Fri Jul 23, 2010 8:51 pm
Has thanked: 8 times
Been thanked: 5 times

Re: who has created an userid in the system?

Postby nightwatchrenband » Mon Nov 22, 2010 11:13 pm

SMF record 80, Event type 10 has this information
If you have Barry Merrill's MXG product. Look at SAS FilE TYPE8010, fields JOB, RACFUSER, etc
nightwatchrenband
 
Posts: 2
Joined: Sat Nov 20, 2010 4:16 am
Has thanked: 0 time
Been thanked: 0 time

Previous

Return to Mainframe Security

 


  • Related topics
    Replies
    Views
    Last post