Viewing Security Object Data in the Investigator › Security Events › USS User Services

USS User Services

The Investigator lets you review events that are related to calls made through UNIX System Services (USS) to the System Authorization Facility (SAF).

CA Chorus for Security and Compliance Management lets you view the following user service events:

USS InitUSP

Indicates each instance when this service verifies that a user is authorized to use z/OS UNIX and sets security attributes for the calling process.

USS DeleteUSP

Indicates each instance when this service deletes the calling process security environment.

USS R_setuid

Indicates each instance of a setuid event, which lets a user run an executable based on the executable owner permissions.

USS R_seteuid

Indicates when this service checks if the user has the authorization to modify z/OS UNIX UIDs and changes the effective UID for the current process.

USS R_setgid

Indicates when a user setgid event occurs, which lets a user run an executable based on the permissions of the executable group.

USS R_setegid

Indicates when a user changes the owner of a file.

USS InitACEE

Indicates each instance when a user invokes this callable service. The initACEE service provides the following:

• Interface to create and manage security contexts.
• Interface to register and deregister certificates.
• Interface to query a certificate to determine an association with a user ID.