You can audit the creation, alteration, and deletion of ACLs by using SETROPTS LOGOPTIONS for the FSSEC class. The FSSEC class controls auditing for changes to all file security information, including file owner, permission bits, and auditing options. See z/OS Security Server RACF Auditor's Guide for more information.