IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Get max/last date AND convert from tod to $date using CARLa.

  • 1.  Get max/last date AND convert from tod to $date using CARLa.

    Posted Thu September 16, 2021 03:09 PM

    I am working on the mofied CARLa taken from zSecure =AM.4 (Connect Usage) at the bottom of this question.

    I need the 'lastuse' variable to be in $date format which means it has to be converted from tod to $date format

    as convert(access_lastuse,tod,date)

    but convert() seems to be incompatible with the lastuse/max condition

    max(access_lastuse)

    After reviewing the DEFINE and LIST sections of the CARLa manual I've unsuccessfully tried a few variations of this CARLa.

    How can I define the 'lastuse' variable as both the maximum of access_lastuse AND convert it from tod to $date format?

    newlist type=RACF_ACCESS nodetailinherit required pl=0 define count_suc(7,"Allowed",udec$abbr,bw,noprop) sum(access_count_suc) define count_vio(5,"Deny",udec$abbr,bw,noprop) sum(access_count_vio) define count_unk(5,"Unexp",udec$abbr,bw,noprop) sum(access_count_unk) define lastuse("LastUse",noprop) max(access_lastuse) select id=xxxxxxxx class=group summary profile(pas,key,8,"Group") complex profile:instdata(40) count_suc(key) count_vio(key) count_unk(key) lastuse(key)


    #ZSecurity
    #Support
    #SupportMigration


  • 2.  RE: Get max/last date AND convert from tod to $date using CARLa.
    Best Answer

    Posted Thu September 16, 2021 06:09 PM

    Michael,

    Using the example CARLa code from AM.4, you will need to add a line of code to put the access_lastuse field into something that can be used by $DATE to format the output into a YYYY-MM-DD format. The ACCESS_LASTUSE variable is in an internal TOD format which cannot be used by $DATE. We need to do two things: 1) convert TOD into one of the formats that $DATE can use and 2) display the converted date format as a YYYY-MM-DD format.

    To accomplish the first goal, we can convert TOD into a Julian date format with this DEFINE statement

    define jul_lastuse(juldate) as convert(access_lastuse,tod,date)

    To accomplish the second goal, we can use $DATE as an output modifier for displaying the jul_lastuse variable

    jul_lastuse(12,$DATE,"YYYY-MM-DD",key),

    A partial screen capture of the output from the code I will include looks like this

    Allowed Deny Unexp LastUse YYYY-MM-DD 5 0 0 4May2021 2021-05-04

    Here is my code (shortened from what is generated by AM.4 as I didn't need everything.

    n type=RACF_ACCESS name=CTBYCOND nodetailinherit required, st="All access monitor records" I=CTBYCONN, t="Connect authority use, by group" /* generated by CKRP3AMX */ define count_suc(7,"Allowed",udec$abbr,bw,noprop) sum(access_count_suc) define count_vio(5,"Deny",udec$abbr,bw,noprop) sum(access_count_vio) define count_unk(5,"Unexp",udec$abbr,bw,noprop) sum(access_count_unk) define lastuse(9,"LastUse",noprop) max(access_lastuse) define firstuse(7,"Firstuse",noprop) min(access_lastuse) define prof#(5,"Prof",dec,bw,noprop) sumcount define auth#(5,"Auth",dec,bw,noprop) count define Miss#(7,"Missing",dec,noprop) count where (proftype="missing"C) define Pres#(8,"Permits",dec,noprop) count where (proftype<>"missing"C) define Perm#(8,"Permits and UACC",dec,noprop) count define jul_lastuse(juldate) as convert(access_lastuse,tod,date) select ,class=GROUP display id(nd), access_count_suc(7,key), access_count_vio(5,"Deny",key), access_count_unk(5,key), access_lastuse(10,"LastUse",key), jul_lastuse(12,$DATE,"YYYY-MM-DD",key), id(pas,"Userid",key) access(7) id:name, id:revoke(1) | id:revoke_inactive(1), id:dfltgrp id:instdata

    I used Julian date, because that was what was used in this excellent example from Rob van Hoboken in answering a similar question. You can read his excellent and detailed description of converting date formats at this link

    https://community.ibm.com/community/user/security/communities/community-home/digestviewer/viewthread?GroupId=3463&MessageKey=69a57c47-4fce-4a91-bbe3-aed919c756e8&CommunityKey=44eb7c0d-9bc2-419b-9158-ad693e734065&tab=digestviewer

    Alan


    #ZSecurity
    #Support
    #SupportMigration


  • 3.  RE: Get max/last date AND convert from tod to $date using CARLa.
    Best Answer

    Posted Thu September 16, 2021 08:53 PM

    Thank Alan for the refresher on date conversions and the link.

    My issue is that I need to convert to $date format AND ensure the value displayed is the latest/most recent date because the 'define lastuse' statement is creating a summary variable. In other words there's multiple dates possible and I need to ensure the most recent date is displayed in the summary (using the $date format already mentioned).

    I did read through the link you provided and it contained my solution at the very end. Just like Adam K- I didn't realize I could use 'max' as a modifier in the summary statement.

    Here's the final solution for my problem:

    newlist type=RACF_ACCESS nodetailinherit required pl=0 define count_suc(7,"Allowed",udec$abbr,bw,noprop) sum(access_count_suc) define count_vio(5,"Deny",udec$abbr,bw,noprop) sum(access_count_vio) define count_unk(5,"Unexp",udec$abbr,bw,noprop) sum(access_count_unk) define lastuse("LastUse",$date,noprop) as convert(access_lastuse,tod,date) select id=xxxxxxxx class=group summary profile(pas,key,8,"Group") complex profile:instdata(40) count_suc(key) count_vio(key) count_unk(key) lastuse(key,max)


    #Support
    #ZSecurity
    #SupportMigration


Related Content