Access attempts are logged in order to allow users to monitor their own user IDs. This information can be output in two ways.
On each access in interactive, information concerning the last successful interactive access is output in message SRM3203.
Although this message is not output by default, it can be activated by system administration (see "Logging access attempts").
The /SHOW-LOGON-PROTECTION command can be used to output information about the last access attempts.
For further details on the content of this information, please refer to the description of the SHOW-LOGON-PROTECTION command .
System access control can store a maximum of 40 entries concerning access attempts in the SRPM file and attempts to store as much information as possible in this file for the owner of the user ID. The procedure employed is as follows:
Each access class is assigned to one of the following groups:
Dialog, Batch, POSIX, Operating and File-Transfer.The quota of 40 entries is equally distributed across the groups that actually occur. There are no unused reserves.
Both entries relating to successful accesses and unsuccessful access attempts are recorded. When the quota for a group is exhausted, the oldest entries in that group are discarded. An attempt is made to keep the number of entries for successful accesses higher than that for unsuccessful access attempts.
Note
System access control also logs access attempts by services which are called on by the user, but are provided after a time lapse, e.g. Open File Transfer. Under certain circumstances, the cause of a log entry may not therefore be immediately evident. If, in such a case, you want to know more about an access, you must check the SAT entries.
Global setting for output of message SRM3203
System administration can specify whether or not message SRM3203 about the last successful access should be output on interactive access. This is a global system setting. The default setting is for this message to be suppressed. Many applications which access the BS2000 system via $DIALOG (e.g. RFA, FT as well as customer applications) may not be able to process this message.
This message can be activated or deactivated in the SRPMOPT subsystem information file ($TSOS.SYSSSI.SRPMOPT.<version> on the home pubset).
This entry starts in column 1 of the file and has the following syntax:
If message SRM3203 is to be output:
LAST-DIALOG-LOGON-MESSAGE=YIf message SRM3203 is not to be output:
LAST-DIALOG-LOGON-MESSAGE=N
This information is evaluated during startup processing. If an error occurs on access to the subsystem information file or if the information it contains cannot be evaluated, this fact is logged using Serslog entries.