What ever your security server may be (RACF, CA-ACF2, CA-TSS) audit the successful use of the program IND$FILE so that all executions are logged. For RACF, it will appear in the SMF80 records.
Failing that, write a front end to IND$FILE that cuts a user SMF record or something that can happen asynchronously (not a file unless you like a lockout). (Security people don't like you snooping in their information.) Rob Weiss IBM Corporation z/Security and Privacy Consultant POK Lab Services ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
