What WTO or email variables can be used to track the ACF2 rule that allowed access to an Object Access Successful No Audit event?

Document ID : KB000048168
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

For ACF2 the ENTITY, RULEKEY and RULELINE variables can be used in a WTO or EMAIL Action for Object Access Successful No Audit events to return the dataset or resource(ENTITY), the $KEY (RULEKEY) and the ACF2 rule entry(RULELINE) that allowed access to the object.

Solution:

The ENTITY, RULEKEY and RULELINE variables can be used in a WTO or EMAIL Action for Object Access Successful No Audit events to return the dataset or resource(ENTITY), the $KEY (RULEKEY) and the ACF2 rule entry(RULELINE) that allowed access to the object.

The variables are enclosed in '%' and expanded in when the event ALERT WTO is triggered.

For example the following WTO text is defined for a WTO Action attached to an Alert Object Access Successful No Audit event Policy statement, WTO Text:

Event: %EVENT% Entity: %ENTITY% Jobname: %JOBNAME%
Category: %CATEGORY%
Access: %ACCESS% Rulekey: %RULEKEY%
RuleLine: %RULELINE%

OBJECTACCESS event triggered, WTO on SYSLOG:

Event: OBJECTACCESS Entity: SYS1.BRODCAST Jobname: USER002 809
Category: OBJECTACCESS
Access: READ Rulekey: SYS1
RuleLine: - UID(*) READ(A) EXEC(A)