Janos,

You can enable the 'audit.mgmt' auditing component (https://www.ibm.com/docs/en/sva/10.0.7?topic=logging-native-auditing) for the policy server to enable auditing of policy updates.  To do this you need to edit the ivmgrd.conf file and add a line similar to the following to the '[aznapi-configuration]' stanza:

logcfg = audit.mgmt:file path=audit.log,flush_interval=20,log_id=PDMgrAudit

After restarting the RTE you will then see audit events like the following generated for policy updates:

</event>                                                        

<event rev="1.2">                                               

<date>2024-04-18-07:01:36.413+10:00I-----</date>                

<outcome status="0">0</outcome>                                       

<originator blade="pdmgrd"><component rev="1.1">mgmt</component>                

<event_id>13120</event_id>                                                      

<action>13120</action>                                                          

<location>isva.config</location>                                                

</originator>                                                                   

<accessor name="">                                                              

<principal auth="IV_LDAP_V3.0" domain="Default">sec_master</principal>          

<name_in_rgy>cn=SecurityMaster,secAuthority=Default</name_in_rgy><user_location>

<mgmtinfo><command>ACL ATTACH</command><objname>/WebSEAL/isva.config-default/una

<parm><name>objid</name><value>/WebSEAL/isva.config-default/unauth.html</value><

<parm><name>aclname</name><value>test_1</value></parm>

</mgmtinfo>                    

<data>                                                          

</data>                   

</event> 

I hope that this helps.