*AUDIT special authority
Audit (*AUDIT) special authority gives the user the ability to view and change auditing characteristics.
A user can perform the following tasks with the *AUDIT special authority:
- Change and display the system values that control auditing.
- Use the CHGOBJAUT, CHGDLOAUD, and CHGAUD commands to change auditing for objects.
- Use the CHGUSRAUD command to change auditing for a user.
- Display an object's auditing values.
- Display a user profile's auditing values.
- Run some of the security tool commands, such as PRTADPOBJ.
Risks: A user with *AUDIT special authority can stop and start auditing on the system or prevent auditing of particular actions. If having an audit record of security-relevant events is important for your system, carefully control and monitor the use of *AUDIT special authority.
To prevent general users from viewing auditing information, restrict general users' access to the following information:
- The security audit journal (QAUDJRN)
- Other journals that contain auditing data
- Save files, outfiles, spool files, and printed output that contain auditing information
Note: Only a user with *ALLOBJ, *SECADM, and *AUDIT special
authorities can give another user *AUDIT special authority.