If there is only one or two users who have that authority, it's easier to track. If you have many users with that much authority, it becomes easier to cover tracks and hinder detection.
If you allow authority to a user and the user uses that authority, is there a reason for checking? Was the job ended, or was the scheduling changed?
You might run DSPLOG with QSECIDL1 as the job name to see what the history log shows. If you are tracking job accounting, you can search the QACGJRN journal for job actions for QSECIDL1. If you're auditing jobs, you can look in QAUDJRN for QSECIDL1.
What is your system configured to do in relation to your question?
Tom
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!
Discuss This Question: 1  Reply