Hi everyone,

If I have a list of 30 datasets and want to create a report of which dataset profile protects each of them and the basic details of that profile (UACC, audit settings etc) what is the best way to do that using CARLA? I can do it for a single dataset using the BESTMATCH selection criteria but I haven't found an efficient way to do it for multiple datasets. Thanks very much.

------------------------------
NATHAN SHRIVE
------------------------------

Hi Nathan
One way to get your list of profiles uses the SIMULATE command to make the data set look important (or sensitive) to zSecure, and then select the profiles that protect these sensitive data sets.  Unfortunately, the normal RACF newlist does not know sensitivity (or SENSTYPE) but RACF_ACCESS does.  RACF_ACCESS does not know how to print the ACL, but the individual entries on the Access Control List are available as records (or entries) in this newlist, and the normal profile fields can be referenced using the implicit lookup operator :

simulate class=dataset senstype=SiteListIt resource=(,
IBMUSER.JOB.CNTL,
SYS1.AOSBN,
)
newlist type=racf_access
  define idstar(access_nz) max(access) where id='*'
  s priv_senstype=siteListIt
  summary profile :uacc :audits :auditf idstar

The result looks like

R A C F   A C C E S S   A U T H O R I Z A T I O N S   14 Dec 2020 10:42

Profile             UACC    Success Failure IDSTAR
IBMUSER.*.**        NONE            READ
SYS1.*.**           READ    UPDATE  UPDATE  READ

Note: be sure to enter a comma after each dsname, this builds a value list.
Also, you must allocate a CKFREEZE data set.

------------------------------
Rob van Hoboken
------------------------------

Hi Rob,

Thanks very much for your assistance. Unfortunately the client is running zSecure Admin 2.3.0, it looks like your solution doesn't work on that version as it does not recognize the sensetype= parameter. I get error CKR0981 12 Invalid SIM_CLASS_KEYWORD "SENSTYPE"

I did test it on another client that run 2.4.0 and it worked as you described.

------------------------------
NATHAN SHRIVE
------------------------------

Original Message:
Sent: Mon December 14, 2020 04:45 AM
From: Rob van Hoboken
Subject: CARLA to return dataset profiles that cover a list of datasets

Hi Nathan
One way to get your list of profiles uses the SIMULATE command to make the data set look important (or sensitive) to zSecure, and then select the profiles that protect these sensitive data sets.  Unfortunately, the normal RACF newlist does not know sensitivity (or SENSTYPE) but RACF_ACCESS does.  RACF_ACCESS does not know how to print the ACL, but the individual entries on the Access Control List are available as records (or entries) in this newlist, and the normal profile fields can be referenced using the implicit lookup operator :

simulate class=dataset senstype=SiteListIt resource=(,
IBMUSER.JOB.CNTL,
SYS1.AOSBN,
)
newlist type=racf_access
  define idstar(access_nz) max(access) where id='*'
  s priv_senstype=siteListIt
  summary profile :uacc :audits :auditf idstar

The result looks like

R A C F   A C C E S S   A U T H O R I Z A T I O N S   14 Dec 2020 10:42

Profile             UACC    Success Failure IDSTAR
IBMUSER.*.**        NONE            READ
SYS1.*.**           READ    UPDATE  UPDATE  READ

Note: be sure to enter a comma after each dsname, this builds a value list.
Also, you must allocate a CKFREEZE data set.

------------------------------
Rob van Hoboken
------------------------------

SENSTYPE in an alias of SENSITIVITY.  You would perhaps not be surprised to  know how many misspellings of sensitivity occur.  SIMULATE CLASS=DATASET SENSITIVITY=xxx works in 2.3.0.

------------------------------
Rob van Hoboken
------------------------------

Original Message:
Sent: Tue December 15, 2020 07:00 PM
From: NATHAN SHRIVE
Subject: CARLA to return dataset profiles that cover a list of datasets

Hi Rob,

Thanks very much for your assistance. Unfortunately the client is running zSecure Admin 2.3.0, it looks like your solution doesn't work on that version as it does not recognize the sensetype= parameter. I get error CKR0981 12 Invalid SIM_CLASS_KEYWORD "SENSTYPE"

I did test it on another client that run 2.4.0 and it worked as you described.

------------------------------
NATHAN SHRIVE
------------------------------

Thanks Rob, that worked perfectly.

------------------------------
NATHAN SHRIVE
------------------------------

Original Message:
Sent: Wed December 16, 2020 03:18 AM
From: Rob van Hoboken
Subject: CARLA to return dataset profiles that cover a list of datasets

SENSTYPE in an alias of SENSITIVITY.  You would perhaps not be surprised to  know how many misspellings of sensitivity occur.  SIMULATE CLASS=DATASET SENSITIVITY=xxx works in 2.3.0.

------------------------------
Rob van Hoboken

Original Message:
Sent: Tue December 15, 2020 07:00 PM
From: NATHAN SHRIVE
Subject: CARLA to return dataset profiles that cover a list of datasets

Hi Rob,

Thanks very much for your assistance. Unfortunately the client is running zSecure Admin 2.3.0, it looks like your solution doesn't work on that version as it does not recognize the sensetype= parameter. I get error CKR0981 12 Invalid SIM_CLASS_KEYWORD "SENSTYPE"

I did test it on another client that run 2.4.0 and it worked as you described.

------------------------------
NATHAN SHRIVE
------------------------------