Any user who has the privilege SAT-FILE-EVALUATION or SAT-FILE-MANAGEMENT may evaluate SATLOG files. These files must be protected in such a way that there are accessible only from the user IDs which possess the privilege SAT-FILE-EVALUATION or SAT-FILE-MANAGEMENT. Optimum protection can be achieved by linking the SATLOG files and SAT reduction files to a guard. This guard can then contain conditions which permit access to the SAT files only with a specific privilege and only with a specific program.

In addition, the audit attribute is set, i.e. any access to the SAT files is logged automatically (with the logic rule INDEPENDENT). This covers the opening, closing and replacing of SAT files.

The following rules should be observed, in particular when the SAT-FILE-MANAGEMENT or SAT-FILE-EVALUATION privilege is assigned to user IDs other than SYSAUDIT:

• The SATLOG files cataloged under SYSAUDIT cannot be evaluated unless they are shareable. SRPM group administration should therefore create an AUDITOR group of which the user ID SYSAUDIT is a member. The files should be made accessible to this group by means of a basic access control list (BACL) or a guard.

• The deletion of SATLOG files and the creation of replacement files are possible only under the user ID SYSAUDIT. Analysis files or lists can be created under other user IDs. (see section “Input files for SATUT”).