Last active
January 8, 2021 22:49
-
-
Save forstie/312904eea74dd3510bc39a8e5be77bad to your computer and use it in GitHub Desktop.
I was asked, "how can you detemine which user held a job queue"? While there is more than one approach to answering this question, here's an example that leverages the secure audit journal log.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-- To be able to audit holding of a job queue, you need to: | |
-- 1) Enable object auditing | |
-- 2) Configure object auditing for specific job queues | |
cl: CHGSYSVAL SYSVAL(QAUDCTL) VALUE('*AUDLVL *OBJAUD *NOQTEMP'); | |
cl: CHGOBJAUD OBJ(QGPL/KIDDIEJOBQ) OBJTYPE(*JOBQ) OBJAUD(*CHANGE); | |
stop; | |
-- | |
-- T-ZC audit journal entry: | |
-- https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/rzarlf77.htm | |
-- | |
-- ZC access type codes are documented here: | |
-- https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/rzarlf79.htm | |
-- | |
-- JOBQ changes over the last 24 hours | |
-- | |
select entry_timestamp as when, | |
"CURRENT_USER" as user_name, job_name, job_user, job_number, | |
interpret(substr(entry_data, 12, 10) as char(10)) as jobq_lib, | |
interpret(substr(entry_data, 2, 10) as char(10)) as jobq_name, | |
interpret(substr(entry_data, 22, 8) as char(8)) as object_type, | |
case interpret(substr(entry_data, 30, 3) as decimal(5, 0)) | |
when 1 then 'ADD TO JOB QUEUE' | |
when 7 then 'CHANGE JOB QUEUE' | |
when 10 then 'CLEAR JOB QUEUE' | |
when 17 then 'DELETE FROM JOB QUEUE' | |
when 24 then 'HOLD JOB QUEUE' | |
when 37 then 'RELEASE JOB QUEUE' | |
else char(interpret(substr(entry_data, 30, 3) as decimal(5, 0))) | |
end as access_type | |
from table ( | |
qsys2.display_journal( | |
'QSYS', 'QAUDJRN', | |
STARTING_RECEIVER_NAME => '*CURAVLCHN', | |
journal_entry_types => 'ZC', | |
object_objtype => '*JOBQ', | |
starting_timestamp => current timestamp - 24 hours) | |
); | |
Fair point, added. Thank you Christian.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nice - very useful...! 👍
Shouldn't you have the parameter STARTING_RECEIVER_NAME => '*CURCHAIN' in your statement? Without STARTING_RECEIVER_NAME only data from the last receiver switch will be shown.