HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
Showing results for 
Search instead for 
Did you mean: 

Auditing ACL for specific users.

Go to solution
The Brit
Honored Contributor

Auditing ACL for specific users.

I want to audit (i.e. record in the SECURITY.AUDIT$JOURNAL) when a subgroup of users (with elevated privileges) Login and Logout of my system. The group consists of probably less than 10 (out of several hundred).

I dont want to log everybody, only this relatively small group.

It seemed a relatively simple problem however it turns out to be more difficult than I thought, (unless I am missing something obvious). I thought about putting an auditing ACE on either SYLOGIN.COM or LOGINOUT.EXE however it doesn't look like this can be restricted to "access by the sub-group".

Any ideas anyone.

Bojan Nemec
Honored Contributor

Re: Auditing ACL for specific users.


Audit ACEs can not be restricted to a group.

What about creating a dummy file which is protected against all users except the group and has an audit alarm:

Then in SYS$SYLOGIN try to open and close this file.
$ OPEN/READ D dummy_file /ERROR=ERR

If the open will succed, you will receive an audit record in the audit journal.

The Brit
Honored Contributor

Re: Auditing ACL for specific users.

Thanks Bojan,

This solution will work for me.