SMF TSS231 fields

TSS SMF 231 records are for Unix System Services events. For information on TSS records for legacy MVS events, see SMF-TSS80-fields.

For more information, see also SMF TSS Common fields.

Name
(Filter)

Tag
CEF Name

Description

SMF1FSP1

FileInfo

Information for file 1

SMF1FSP2

FileInfo2

Information for file 2

SMF231ATH_Audit
 (Boolean)

Auth_Audit
 cs4

Indicates that user has the AUDITOR attribute and used this authority to issue the command with operands that require the AUDITOR attribute

SMF231ATH_Bypass
 (Boolean)

Auth_Bypass

Indicates that *BYPASS* was specified on the user ID field

Access was granted because RACF authority checking was bypassed.

SMF231ATH_Exit
 (Boolean)

Auth_Exit

Indicates that the user has authority because the exit routine indicated that the request is to be accepted without any further authority checks

SMF231ATH_Norm
 (Boolean)

Auth_Normal

Indicates that the user's authority to issue the command or SVC was determined by the checks for a user with the SPECIAL, OPERATIONS, or AUDITOR attribute

The filter indicates that the tests were performed, not that the user passed the tests and have authority to issue the command. The test is not performed if the user has the AUDITOR attribute and entered the command with only those operands that require the AUDITOR attribute.

SMF231ATH_Oper
 (Boolean)

Auth_Oper

Set by RACROUTE REQUEST=AUTH and RACROUTE REQUEST=DEFINE and indicates that the user has the OPERATIONS attribute and used this authority to obtain access to the resource

SMF231ATH_Soft
 (Boolean)

Auth_Soft

Indicates that resource access was granted by the operator during failsoft processing

SMF231ATH_Spec
 (Boolean)

Auth_Special
 cs3

Indicates that the user has the SPECIAL attribute and used this authority to issue the command

If the user also has the AUDITOR attribute and entered the command with only the operands that require the AUDITOR attribute, the indicator does not show that the SPECIAL attribute was used. If users do not use their authority as users with the SPECIAL attribute, the indicator does not reflect use of the SPECIAL attribute.

SMF231ATH_Trusted
 (Boolean)

Auth_Trusted

Indicates that the user has the trusted attribute

SMF231ATHD
 (Mapped Integer)

Auth
 cs5

Authorities used for processing commands or accessing resources, expressed as text

SMF231CAT
 (EGNX)

Cat
 cat

Constant TSS231

SMF231EVT
 (Integer)

Event

Event code expressed as an integer

SMF231EVTD
 (Mapped Integer)

Event

Event code expressed as text

SMF231JBN
 (EGNX)

JobNm
 sproc

Job name

For RACROUTE REQUEST=VERIFY records for batch jobs, this field can be blank.

SMF231RST

RdrTime
 start

Time that the reader recognized the JOB statement for this job

For RACROUTE REQUEST=VERIFY records for batch jobs, this field can be zero.

SMF231TRM
 (EGNX)

TermNm
 shost

Terminal ID of foreground user (blank if not available)

SMF231USR
 (EGNX)

UserID
 suid

Identifier of the user associated with this event (jobname is used if the user is not defined to RACF)

SMF231USR_L
 (EGNX)

usrName

Identifier of the user associated with this event (jobname is used if the user is not defined to RACF)

This field’s formatting is conditioned on the software switch LEEF.

SMFCPUID

TargetUID

Uids of target process

SMFEGID
 (Integer)

EffGID

Effective gid

SMFEUID
 (Integer)

EffUID

Effective uid

SMFMAPID
 (Integer)

ID

Uid/gid

SMFMAPNM
 (EGNX)

Name

User and group name

SMFNFLAG
 (Integer)

Num

Cred name flag

SMFOAFS
 (EGNX)

DSN

File system DSN

SMFOAFSL
 (Integer)

SMFOAFSL

Fsa file name length

SMFOEAFC
 (Integer)

Cmd

Audit function code (irrpafc)

SMFOEAFCD
 (Mapped Integer)

Cmd

Audit function code (irrpafc)

SMFOEGID
 (Integer)

GID

Gid of user logged on

SMFOEGRP
 (EGNX)

Group

Group of user logged on

SMFOERRC
 (Integer)

RC

Racf return code

SMFOERRN
 (Integer)

Reas

Racf reason code

SMFOESFC
 (Integer)

Func

Security service function code

SMFOESFCD
 (Mapped Integer)

Func

Security service function code in text

SMFOESRC
 (Integer)

SMFOESRC

SAF return code

SMFOEUID
 (Integer)

UID

Uid of user logged on

SMFOEVARFile1
 (EGNX)

Dev

Path1

SMFOEVARPath1
 (EGNX)

FName

Path1

SMFRQACC

Req

Requested access (irrpcomp)

SMFRQACCD
 (Mapped Integer)

Req

Requested access (irrpcomp)

SMFSFLAG

Flag

SMF flag byte

SMFSFLG2

Flag2

SMF flag byte

SMFSFLG3

Audit

SMF flag byte

SMFUTYPE
 (Integer)

Type

Cred user type

SMFUTYPED
 (Mapped Integer)

Type

Cred user type

Many of these descriptions are taken from the macro TSSSMFOX © Copyright 2000 CA Technologies.

Related topic

FIELDS-parameter

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*