Unfortunately, there is no best practice documentation for using or auditing internal or external security with CA Datacom. Because of the wide diversity of implementation available across multiple SAF products, and because there are multiple levels of implementation available, any attempt to try and define a single best practice could be rendered ineffective as soon as someone needed to configure their system differently due to company practices and guidelines.
As a simple example, having a closed security system or an open system would lead to a totally different manner of implementation, and what might be a best practice in one would be difficult or impossible to implement in the other.
Consequently, we recommend that clients follow any suggested audit practices related to the SAF for use against special resources or classes and against users as defined explicitly or generically in these classes. As most of our external security definition is resource-based and not dataset-based, this would most likely provide the best results.