Audit Authorizations (ttaad4162s000)

Use this session to assign various authorization levels to a user.

Note: 

This session can only be run by these administrative user accounts

  • "root" on a Unix platform
  • "baan" on a Windows 2000 platform
  • "QSECOFR" on an AS400/OS400 platform

Audit authorizations can be defined for normal users and for super users as well. By default, a super user has no audit authorization.

You must define audit authorizations only for users that need to perform actions, such as print or purge, on audit files.

You can select different check boxes to indicate which actions the user is allowed to perform on the audit files of a table:

  • The Print check box
  • The Purge check box
  • The Maintain check box
Note: These authorization levels are overruled by the security embedded in the audit files, which is defined in the Audit Trail Security (ttaud3137m000) session: users can only perform the actions they are authorized for, if these actions are allowed in the audit trail security settings.

Example

A user is authorized to print the sequence files of all tables. In the audit trail security settings, printing is prohibited for table tccom000. As a result the user can not print the sequence files of this table.

Field Information

User

The user that you want to authorize for the sessions concerning audit.

Package

Specify how authorizations for packages will be assigned. Select one of the following from the list:

  • All. To assign authorization for audit files in all packages.
  • Specified. To assign authorization for audit files in one or more individual packages, e.g. "tc", "tp" and "wh". For each package, you must create a separate authorization record for the user and enter the desired package in the Package (From) field.
  • Range. To assign authorization for audit files in a range of packages, e.g. "tc" - "tp". The range must be entered in the next fields.
Note: 

Specified authorizations take precedence over Range authorizations. You can use them to define exceptions to Range authorizations. For example: assume that user "Peter" has the following audit authorizations.

User Package Module Table Company Security
Peter Range, tc-tp All All All Print

Now you want to make an exception: user "peter" must be able to print and purge audit files belonging to package "tf". Add the following record:

User Package Module Table Company Security
Peter Specified, tf All All All Print + Purge
Package (From)

This field contains one of the following:

  • The individual package for whose audit files the user is authorized ( Specified authorizations).
  • The first package in the range for which the user is authorized ( Range authorizations).
Package (To)

The last package in the range for which the user is authorized ( Range authorizations).

Module

Specify how authorizations for modules will be assigned. Select one of the following from the list:

  • All. To assign authorization for audit files in all modules.
  • Specified. To assign authorization for audit files in one or more individual modules, e.g. "com", "ibd" and "mcs". For each module, you must create a separate authorization record for the user and enter the desired module in the Module (From) field.
  • Range. To assign authorization for audit files in a range of modules, e.g. "com" - "mcs". The range must be entered in the next fields.
Note:  Specified authorizations take precedence over Range authorizations. You can use them to define exceptions to Range authorizations.
Module (From)

This field contains one of the following:

  • The individual module for whose audit files the user is authorized ( Specified authorizations).
  • The first module in the range for which the user is authorized ( Range authorizations).
Module (To)

The last module in the range for which the user is authorized ( Range authorizations).

Table

Specify how authorizations for tables will be assigned. Select one of the following from the list:

  • All. To assign authorization for audit files belonging to all tables.
  • Specified. To assign authorization for audit files belonging to one or more individual tables. For each table, you must create a separate authorization record for the user and enter the desired table in the Table (From) field.
  • Range. To assign authorization for audit files belonging to a range of tables. The range must be entered in the next fields.
Note:  Specified authorizations take precedence over Range authorizations. You can use them to define exceptions to Range authorizations.
Table (From)

This field contains one of the following:

  • The individual table for whose audit files the user is authorized ( Specified authorizations).
  • The first table in the range for which the user is authorized ( Range authorizations).
Table (To)

The last table in the range for which the user is authorized ( Range authorizations).

Company

Specify how authorizations for companies will be assigned. Select one of the following from the list:

  • All. To assign authorization for audit files belonging to all companies.
  • Specified. To assign authorization for audit files belonging to one or more individual companies. For each company, you must create a separate authorization record for the user and enter the desired company in the Company (From) field.
  • Range. To assign authorization for audit files belonging to a range of companies. The range must be entered in the next fields.
Note:  Specified authorizations take precedence over Range authorizations. You can use them to define exceptions to Range authorizations.
Company (From)

This field contains one of the following:

  • The individual company for whose audit files the user is authorized ( Specified authorizations).
  • The first company in the range for which the user is authorized ( Range authorizations).
Company (To)

The last company in the range for which the user is authorized ( Range authorizations).

Print

If this check box is selected, the user can

  • print the content of sequence files in the Print Range of Audit Files (ttaad4461m000) and the Print Range of Audit Files (Multi Lines) (ttaad4463m000) sessions.
  • display technical information on audit sequences, such as maximum file size and termination status, in the Display Audit Sequences (ttaad4560s000) session.
Purge

If this check box is selected, the user can purge audit-sequence files in the Purge Audit Files (ttaad4261m000) session.

Maintain

If this check box is selected, the user can terminate open audit-sequence files in the Display Audit Sequences (ttaad4560s000) session.