SMF type 80 requires some preparation in order to be fully
utilized in a WebSphere® environment.
Before you begin
As WebSphere Application Server becomes more
capable of authentication and setting or changing the identity on
a thread, so arises the need for the ability to audit these changes.
Along with this also comes the need to audit the accompanying authorization
requests made through EJBRoles checking, intending to produce audit
records that include the original authenticated identity. This auditing
in WebSphere Application Server is managed
not through WebSphere Application Server itself, but
through its External Security Manager (RACF® or
equivalent), where the SMF records are cut.
About this task
In order to take advantage of auditing in WebSphere Application Server, you need to set up SMF and RACF and
have both running.
Procedure
- Set up SMF for audit support. For information on setting
up and starting SMF, see z/OS MVS™ System Management Facilities (SMF), SA22-7630
- Enable auditing for the EJB Roles by setting the RACF AUDIT attribute. This will set up RACF for auditing in WebSphere Application Server. You can turn on auditing for the ADMIN and PAYROLL classes
with the following command:
RALTER EJBROLE (ADMIN,PAYROLL) AUDIT(ALL)
- Alternately, you could modify the RACFROLE
job to put the AUDIT information there.
- For more information and additional parameters
for the AUDIT attribute, see the z/OS Security Server RACF Auditor's Guide.