If the Auditor Audit Options in the root IFSP are not set properly you will see the following message:
FSUMF353 __chattr() could not set auditor audit flags for /Service.
EDC5139I Operation not permitted.
The Auditor Audit Options flags should be set to "---" (no auditing) not "fff". In order to change the bits you need superuser authority and must be an SCA.
Issue the Unix "find" command to list all files that have auditor audit options set to "fff":
find / -aaudit =f
Issue the Unix "df" command to display mounted filesystems.
Check every mounted filesystem in the "df" output to see if it also shows up in the "find" command output. If so, the auditor audit options for that filesystem should be changed from "fff" to "---" (no auditing).
Issue the Unix chaudit command to change the auditor audit options from "fff" to "---". This example changes the auditor audit options for the /SERVICE filesystem:
chaudit -a -f /SERVICE
Issue similar chaudit commands for every filesystem that has incorrectly set auditor audit options.