Yes. Command Line access is granted at the *USRPRF level on the “Limit Capabilities” (LMTCPB) parameter. The valid values are Yes, No, and Partial. Values “No” and “Partial” grant command line access. (However, just because someone has command line access doen’t necessarily give that someone authority to a particular command. ) So if you are *SECOFR or have *ALLOBJ authority you can very easily see who does/does not have Command Line access. What they are using it for is another matter. You could do it – but it isn’t an “easy” matter. One “easier” way to track command execution is to examine the interactive job’s Job Log. But to do that, you would have to make sure that the job log (*SPLF) got created every time the user signed off. If any of the users have *JOBCTL capabilities, they could foil your attempts to track their activity by changing the own interactive job to not produce a job log or change the level of detail created. At any rate, if you are able to create a job log 100% of the time, you could then write a program to interogate the user’s job log to capture the information. That too would not be an “easy” task. But it is do-able. Hopefully this helps.
To track command-line usage, you can enable auditing and specify CHGUSRAUD AUDLVL(*CMD) for any users you need to track.
Commands from those users will be recorded in the system audit journal along with any other events you have enabled for auditing.