How are password threshold exceeded and password suspension events recorded in Compliance Manager?

Document ID : KB000046979
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

How are password threshold exceeded and password suspension events recorded in Compliance Manager?

Answer:

There is no administrative command being issued in Compliance Manager.  What you see is a command representation of what happened being recorded to the recovery file in case you would have to perform forward recovery.  Since a real command was not issued it cannot be captured in the account administration tables. The suspension is the result of a system access signon event, and in this case a signon violation event since the signon was unsuccessful.  If you are recording these type of events, you should see a DRC (CODE1 field) of '1' for ACID suspended and a DRC of '27' (x'1B') for Password Violation Threshold Exceeded.  If you are capturing these events then you can set an Alert for the DRC codes.