Starting in this release, administrators with the appropriate privileges can set ACL entries to audit access attempts for specific files or specific directories.
Previously, administrators could determine every time a particular user or group accessed files by looking for those files in the audit logs, but they could not specify in advance which files or directories were to be audited. Now, administrators can configure a specific set of files or directories to be audited based on the access attempts for those files.
In addition, previously when an NFS client or SMB client accessed files on a remote Oracle Solaris server, this activity could not be audited. Starting in this release, local, NFS, and SMB access or failed access to a ZFS file or directory may result in the generation of an audit record depending on that file or directory's audit ACL entries.
For information, see Specifying Files or Directories to Be Audited.