Does it catch …? Please expand on question.
If “unauthorized”, no “change” should happen. A change can only be done by someone with sufficient authorization.
In the AS400 does journaling capture all changes made to files as long as journaling is on.
Homework / Interview?
Yes BigK, on the AS/400 Journalling will have an entry for every change to a row of a file that is Journalled. Except that certain mass changes will have a single entry.
Mostly use of journaling will record the activities of physical file.. this is programmer point of
view……it does not catch the unauthorized changes….
To expand if you have someone who has the authorization/privileges to make changes and wants to do a change that has not been reviewed, if you review the journal can you see the change they made?
You must setup Journaling before it works. Read a book from IBM.
…if you review the journal can you see the change they made?
Yes. That is one of the common uses of journaling, to record changes for audit/review. If journaling is active for a file, then it is not possible to alter the content of the journaled file without it being logged in the journal (with some unlikely exceptions.)
Journalling is also used for commitment control, and if you plan to reorganize a physical file and would like the ability to cancel the RGZPFM while it is executing. If you do not have the file journalled, you can not specify *YES on the AWLCANCEL parameter. If you do have *YES and the file is not journalled when the RGZPFM begins, it will fail.
Right, BigK,, the Journal tells who, when, the program used.
By comparting the before and after data you can tell what was changed.
You’re tone leads me to think you’re looking for someone who has intentionally sabotoged your system. I can speak from experience that these type of cases are rare. Before you blame someone you should know that minor program oversights can sometimes lead to unexpected outcomes. The journal is still the place to go to investigate these problems.