SMF type 80 requires some preparation before it can be fully utilized in a WebSphere® environment.
Before you begin
As WebSphere Application Server becomes more capable of authenticating users and of setting or changing the identity on a thread, the need to audit these changes arises. Along with it comes the need to audit the accompanying authorization requests made through EJBRoles checking, with the intent of producing audit records that include the original authenticated identity. This auditing is not managed by WebSphere Application Server itself, but through its External Security Manager (RACF® or equivalent), where the SMF records are cut.
About this task
In order to take advantage of auditing in WebSphere Application Server, you
need to set up SMF and RACF and have both running.
Procedure
- Set up SMF for audit support. For information on setting up and starting SMF, see z/OS® MVS System Management Facilities (SMF), SA22-7630.
- Enable auditing for the EJB roles by setting the RACF AUDIT attribute. This sets up RACF for auditing in WebSphere Application Server. You can turn on auditing for the ADMIN and PAYROLL profiles in the EJBROLE class with the following command:
RALTER EJBROLE (ADMIN,PAYROLL) AUDIT(ALL)
- Alternatively, you can modify the RACFROLE job to put the AUDIT information there.
- For more information and additional parameters for the AUDIT attribute, see the z/OS Security Server RACF Auditor's Guide.