- Work_area
- The name of a 1024-byte work area for SAF and RACF® usage. The work area must be in the primary
address space.
- ALET
- The name of a word containing the ALET for the following parameter.
Each parameter must have an ALET specified. Each ALET can be different.
The words containing the ALETs must be in the primary address space.
- SAF_return_code
- The name of a 4-byte area in which the SAF router returns the
SAF return code.
- RACF_return_code
- The name of a 4-byte area in which the service routine stores
the return code.
- RACF_reason_code
- The name of a 4-byte area in which the service routine stores
the reason code.
- Num_parms
- The name of a 4-byte area containing the number of parameters
in the parameter list, including the Num_parms parameter. This parameter
must be in the primary address space. It must be initialized to 26.
- ACEE_ALET
- The name of a 4-byte area containing the ALET for the ACEE
named by the ACEE_ptr parameter. The 4-byte area must be in the
primary address space.
- ACEE
- The name of an area containing the ACEE belonging to the RACF user that should appear in
the log record. An ACEE may only be specified by a caller in supervisor
state or system key. The ACEE must begin with eyecatcher "ACEE".
Otherwise, the area must contain binary zeros in the first 4 bytes.
When the area contains binary zeros, RACF uses
the task-level ACEE if found, or the address space ACEE.
- Parm_ALET
- The name of a 4-byte area containing the ALET for the remaining
parameters in the parameter list and any data areas referenced by
parameter list pointers. The word containing the ALET must be in the
primary address space.
- Option_word
- The name of a 4-byte area containing binary zeros. This area is
reserved for future use.
- Link_value
- The name of an 8-byte area containing a value used to mark related
SMF records. Since a single event may result in multiple calls to
R_auditx for logging, you can logically link the records by specifying
a common value such as a time stamp. Otherwise, fill the area with
binary zeros.
- Attributes
- The name of a 4-byte area containing flags set by the caller.
Possible attribute values are the following:
- x'80000000'
- Event Result. Used to indicate if the event was a success or a
failure. Success if flag is set. Failure if flag is not set.
- x'40000000'
- Authentication Event. Use logging defaults for authentication
events described in the usage notes.
- x'20000000'
- Authorization Event. Use logging defaults for authorization events
described in the usage notes.
- x'10000000'
- Always log successes.
- x'08000000'
- Always log failures.
- x'04000000'
- Never log successes.
- x'02000000'
- Never log failures.
- x'01000000'
- Check warning mode.
Set any combination of attribute flags except the following pairs, which directly conflict with each other:
- 'Authentication Event' & 'Authorization Event'
- 'Always log successes' & 'Never log successes'
- 'Always log failures' & 'Never log failures'
- 'Never log successes' & 'Never log failures'

Refer to the usage notes for additional information about the priority of these
flags for logging determination.
- Component
- The name of an area that consists of a 4-byte length field followed
by character data. The character data is the name of the product
or component calling the R_auditx service. The length represents
the length of the character data. The maximum length of the data
is 255. The component is required; therefore, the length must be greater
than zero.
- FMID
- The name of a 7-byte area containing the FMID of the product or
component calling the R_auditx service.
- Subtype
- The name of a 4-byte integer with the SMF type 83 record subtype
assigned to the component. The value may range from 2 to 32767, but
should match the subtype assigned to the component. Assigned subtypes
are:

| Subtype | z/OS® component |
|---|---|
| 2 | Enterprise identity mapping |
| 5 | WebSphere® Application Server |
| 6 | Tivoli® Key Lifecycle Manager (TKLM) |

- Event
- The name of a 4-byte integer which the caller initializes with
the event code. The value may range from 1 through 255.
- Qualifier
- The name of a 4-byte integer which the caller initializes with
the event code qualifier. The value may range from 0 through 255.
- Class
- The name of an 8-byte area containing a RACF class name. If not specified, the area
must contain all blanks. Otherwise, the class name is assumed to
have the following characteristics:
- Left justified
- Padded to the right with blanks
- Specified in uppercase
- A static IBM® class name,
a statically defined installation class name, or a dynamically defined
installation class name
- A general resource class
The class cannot be USER, GROUP, or DATASET. It must also be
active and RACLISTed.
- Resource
- The name of an area that consists of a 4-byte length field
followed by a resource name covered by a profile defined in the RACF class specified above. The
length represents the length of the resource name. The maximum length
is 246. The resource name is ignored if the length is zero. Ensure
the letter case of the resource matches that defined for profiles
in the class. For the RAUDITX class, profiles must be uppercase, so
the resource name must be folded to uppercase before being passed
to this service. Some classes preserve case sensitivity for profiles,
and the corresponding resource names should not be folded. Refer to z/OS Security Server RACF Macros and Interfaces for
more information about class definitions.
- Log_string
- The name of an area that consists of a 4-byte length field followed
by character data to be written with the audit information. The length
represents the length of the character data. The maximum length of
the log string is 255. If character data is not specified, the length
must equal zero.
- Relocate_count
- The name of a 4-byte area containing the number of relocate sections.
The maximum number of relocate sections is 512. The minimum is 0.
- Relocate_ptr
- The name of an area containing the address of an array of relocate
sections. For 31-bit callers, this area is 4-bytes long. For 64-bit
callers, this area is 8-bytes long. The area is 4-bytes long. This
parameter is ignored when the Relocate_count parameter is zero. The
number of entries in the array must equal the value in the Relocate_count.
The relocate is not added to the log record when the length is zero.
When the length is greater than zero, the relocate data pointer must
not be zero. An array entry for a 31-bit caller is:

| Dec Offset | Hex Offset | Type | Len | Name(Dim) | Description |
|---|---|---|---|---|---|
| 0 | (0) | STRUCTURE | 16 | RAUX_RELOCATE | A row in the array of relocate sections. It describes a single field value. |
| 0 | (0) | FIXED | 2 | RAUX_RELO_TYPE | The relocate section type. The value must not be less than 100 or greater than 65535. |
| 2 | (2) | FIXED | 2 | * | Reserved |
| 4 | (4) | FIXED | 4 | RAUX_RELO_LEN | The length of the data portion of the relocate section. The sum of the relocate lengths plus an additional four bytes for each relocate field must not exceed 20480 bytes. |
| 8 | (8) | FIXED | 4 | * | Reserved |
| C | (C) | ADDRESS | 4 | RAUX_RELO_DATA_PTR | The address of the data for the relocate section |

An array entry for a 64-bit caller is:

| Dec Offset | Hex Offset | Type | Len | Name(Dim) | Description |
|---|---|---|---|---|---|
| 0 | (0) | STRUCTURE | 16 | RAUX64_RELOCATE | A row in the array of relocate sections. It describes a single field value. |
| 0 | (0) | FIXED | 2 | RAUX64_RELO_TYPE | The relocate section type. The value must not be less than 100 or greater than 65535. |
| 2 | (2) | FIXED | 2 | * | Reserved |
| 4 | (4) | FIXED | 4 | RAUX64_RELO_LEN | The length of the data portion of the relocate section. The sum of the relocate lengths plus an additional four bytes for each relocate field must not exceed 20480 bytes. |
| 8 | (8) | ADDRESS | 8 | RAUX_RELO_DATA_PTR | The address of the data for the relocate section |

Fields marked 'Reserved' must be filled with binary zeros.
- Message_count
- The name of a 4-byte integer containing the number of message
segments that form the message. The maximum number of segments is
16. The service issues no message if Message_count is 0.
- Message_ptr
- The name of an area containing zero or the address of an array.
For 31-bit callers, this area is 4-bytes long. For 64-bit callers,
this area is 8-bytes long. This parameter is ignored when the Message_count
parameter is zero. Otherwise, the number of entries in the array must
equal the Message_count value.

The array contains the lengths
and addresses of message segments that are combined to form a message that
is directed to the security console and the job log. Each message
segment text, referenced by the segment pointer in each array entry,
should be composed of valid uppercase characters that will display
properly at the console. The length for each message segment must
not exceed 70 characters. The first message segment should begin with
a component message identifier of 15 characters or less.

For each array entry, the message segment is not included when its segment
length is zero. When the segment length is greater than zero, the
segment pointer must not be zero.

An array entry for a 31-bit caller is:

| Dec Offset | Hex Offset | Type | Len | Name(Dim) | Description |
|---|---|---|---|---|---|
| 0 | (0) | STRUCTURE | 16 | RAUX_SEGMENT | One phrase in the message |
| 0 | (0) | FIXED | 4 | * | Reserved |
| 4 | (4) | FIXED | 4 | RAUX_SEG_LEN | The length of the message segment. The value must not exceed 70. |
| 8 | (8) | FIXED | 4 | * | Reserved |
| 12 | (12) | ADDRESS | 4 | RAUX_SEG_PTR | The address of message segment |

Fields marked 'Reserved' must be filled with binary zeros.

An array entry for a 64-bit caller is:

| Dec Offset | Hex Offset | Type | Len | Name(Dim) | Description |
|---|---|---|---|---|---|
| 0 | (0) | STRUCTURE | 16 | RAUX64_SEGMENT | One phrase in the message |
| 0 | (0) | FIXED | 4 | * | Reserved |
| 4 | (4) | FIXED | 4 | RAUX64_SEG_LEN | The length of the message segment. The value must not exceed 70. |
| 8 | (8) | ADDRESS | 8 | RAUX64_SEG_PTR | The address of message segment |

Fields marked 'Reserved' must be filled with binary zeros.
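
A caller-side pre-check for the Attributes and Relocate_ptr rules described above, as an added example that is not IBM's code. The macro names, helper names and return conventions are hypothetical, the struct mirrors the 64-bit RAUX64_RELOCATE layout, and counting four bytes for every array entry (zero-length ones included) toward the 20480-byte limit is a conservative assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Attributes flag values from the parameter description; macro names are hypothetical. */
#define AUX_AUTHN        0x40000000u  /* Authentication Event */
#define AUX_AUTHZ        0x20000000u  /* Authorization Event  */
#define AUX_ALWAYS_SUCC  0x10000000u  /* Always log successes */
#define AUX_ALWAYS_FAIL  0x08000000u  /* Always log failures  */
#define AUX_NEVER_SUCC   0x04000000u  /* Never log successes  */
#define AUX_NEVER_FAIL   0x02000000u  /* Never log failures   */

/* One 64-bit relocate array entry, 16 bytes, per the RAUX64_RELOCATE table. */
typedef struct {
    uint16_t type;      /* relocate section type, must be 100..65535 */
    uint16_t reserved;  /* must be binary zeros */
    uint32_t len;       /* length of the relocate data */
    uint64_t data_ptr;  /* address of the data, nonzero when len > 0 */
} relo64_t;

/* 1 when both flags of a pair are set in attrs. */
static int both(uint32_t attrs, uint32_t a, uint32_t b) {
    return (attrs & a) && (attrs & b);
}

/* Returns 0 for a permitted flag combination, -1 for a conflicting pair. */
int check_attributes(uint32_t attrs) {
    if (both(attrs, AUX_AUTHN, AUX_AUTHZ) ||
        both(attrs, AUX_ALWAYS_SUCC, AUX_NEVER_SUCC) ||
        both(attrs, AUX_ALWAYS_FAIL, AUX_NEVER_FAIL) ||
        both(attrs, AUX_NEVER_SUCC, AUX_NEVER_FAIL))
        return -1;
    return 0;
}

/* Returns 0 when the array passes, index+1 of the first bad entry,
   or -1 when Relocate_count or the total size is over the limit. */
int check_relocates(const relo64_t *r, uint32_t count) {
    uint64_t total = 0;
    if (count > 512) return -1;                      /* at most 512 sections */
    for (uint32_t i = 0; i < count; i++) {
        if (r[i].type < 100 || r[i].reserved != 0) return (int)i + 1;
        if (r[i].len > 0 && r[i].data_ptr == 0) return (int)i + 1;
        total += (uint64_t)r[i].len + 4;             /* data plus 4 bytes per field */
    }
    return total > 20480 ? -1 : 0;
}
```
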