ACD$ |
Users who are using automatic command
direction |
Identifies users who are using the RACF® remote sharing facility for
automatic command direction |
CADU |
Count of the IRRADU00 records |
Shows the number of SMF-recorded
events |
CCMD |
Count of commands issued (by user) |
Shows the command activity for a
specific user |
ECD$ |
Users who are directing commands
explicitly |
Identifies users who are using the RACF remote sharing facility to
explicitly direct commands by specifying "AT(node.user_ID)" |
LOGB |
Users who log on with LOGON BY, a
VM facility |
Identifies users who are logging
on as other users |
LOGF |
Users with excessive incorrect passwords |
Identifies users who have exceeded
a "bad password" threshold. This threshold is independent of
the SETROPTS PASSWORD(REVOKE(nn)) value |
OPER |
Accesses allowed because the user
has OPERATIONS |
Identifies users with the OPERATIONS
attribute |
PWD$ |
Users who are using password synchronization |
Identifies users who are using the RACF remote sharing facility |
RACL |
RACLINK audit records |
Identifies users who are using the RACF remote sharing facility |
RINC |
RACF class
initialization information |
Shows the status of RACF classes at RACF initialization |
SELU |
All audit records for a specific
user |
Reports on all audited events for
a user |
SPEC |
Accesses allowed because the user
has SPECIAL |
Identifies users with the SPECIAL
attribute |
TRMF |
Excessive incorrect passwords from
terminals |
Identifies intruders who are attempting
to guess passwords but are moving from one ID to another to avoid
the revocation of user IDs |
VIOL |
Access violations |
Identifies failed events |
WARN |
Accesses allowed due to WARNING mode
profiles |
Identifies events that are allowed
but which you might want to prevent in the future |