iSeries V5R3 Command line access tracking

IBM iSeries
iSeries command line
Is there any way to track who is using the command line and what they are using it for? Want to put certain commands on a menu for our users to get to so I can take away command line access. Hoping there is a way to see who is currently using it and for what. Thanks Ann

Answer Wiki


Yes. Command Line access is granted at the *USRPRF level on the “Limit Capabilities” (LMTCPB) parameter. The valid values are Yes, No, and Partial. Values “No” and “Partial” grant command line access. (However, just because someone has command line access doesn’t necessarily give that someone authority to a particular command.) So if you are *SECOFR or have *ALLOBJ authority you can very easily see who does/does not have Command Line access. What they are using it for is another matter. You could do it – but it isn’t an “easy” matter. One “easier” way to track command execution is to examine the interactive job’s Job Log. But to do that, you would have to make sure that the job log (*SPLF) got created every time the user signed off. If any of the users have *JOBCTL capabilities, they could foil your attempts to track their activity by changing their own interactive job to not produce a job log or change the level of detail created. At any rate, if you are able to create a job log 100% of the time, you could then write a program to interrogate the user’s job log to capture the information. That too would not be an “easy” task. But it is do-able. Hopefully this helps.


To track command-line usage, you can enable auditing and specify CHGUSRAUD AUDLVL(*CMD) for any users you need to track.

Commands from those users will be recorded in the system audit journal along with any other events you have enabled for auditing.
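
One way to carry out the auditing approach described in this answer, as an added example that is not part of the original answers. The profile name APUSER01 and the QTEMP file names are made up; the field names CDCLP ("run from a CL program" flag) and CDCMDS (command string) follow the QASYCDJ4 model outfile layout, which DSPFFD FILE(QSYS/QASYCDJ4) can confirm on your release.

```cl
/* Added example. APUSER01, CMDAUD and CMDTYPED are made-up names.      */
/* Run under a profile that has *AUDIT special authority.               */

/* 1. AUDLVL on a user profile is honoured only when the QAUDCTL        */
/*    system value includes *AUDLVL. Check it before trusting the data. */
DSPSYSVAL  SYSVAL(QAUDCTL)

/* 2. Record command strings for the profile under review.              */
CHGUSRAUD  USRPRF(APUSER01) AUDLVL(*CMD)

/* 3. Create an empty outfile from the CD (command string) model file.  */
CRTDUPOBJ  OBJ(QASYCDJ4) FROMLIB(QSYS) OBJTYPE(*FILE) +
             TOLIB(QTEMP) NEWOBJ(CMDAUD)

/* 4. Extract that user's CD entries from the system audit journal.     */
DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) ENTTYP(CD) +
             USRPRF(APUSER01) OUTPUT(*OUTFILE) +
             OUTFILFMT(*TYPE4) OUTFILE(QTEMP/CMDAUD)

/* 5. Keep only the entries that were not run from a CL program         */
/*    (CDCLP = 'N'); entries with 'Y' were issued by CL programs.       */
CPYF       FROMFILE(QTEMP/CMDAUD) TOFILE(QTEMP/CMDTYPED) +
             CRTFILE(*YES) INCREL((*IF CDCLP *EQ 'N'))

/* 6. Review the remaining entries; CDCMDS holds the command string.    */
RUNQRY     QRY(*NONE) QRYFILE((QTEMP/CMDTYPED))
```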


Discuss This Question: 1  Reply

  • Prashantmb
    I have enabled user's cmd line auditing using the command CHGUSRAUD USRPRF(USERNAME) AUDLVL(*CMD *DELETE *CREATE). When I look at the logs captured, I see that apart from the commands typed by the user at the terminal, the other commands that get fired internally on behalf of the user are also captured. Is there a way to skip capturing the internal commands? Regards, Prashant
