IBM Security Z Security

 View Only
  • 1.  zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

    Posted Thu February 27, 2020 04:48 PM
    I'm looking to perform the following zSecure CARLa date conversions to have 3 columns using data from newlist type=racf_access_id:

    ACCESS_FIRSTUSE -- Julian Format
    ACCESS_LASTUSE  -- Julian Format
    Days between today and ACCESS_LASTUSE

    Based on the below thread and some testing it seems this is not currently easily supported:

    https://www.ibm.com/developerworks/community/forums/html/topic?id=7bf6b491-e225-48aa-8b2e-7bd562a116c5

    Is this true, and if so can this conversion be performed without using 2-pass CARLa?

    ------------------------------
    Adam Klinger
    ------------------------------


  • 2.  RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

    Posted Fri February 28, 2020 02:30 AM
    Hi Adam,

    What I can say is that the query from the thread you point to issues a CKR0467 in 2.3.1, but not any more in 2.4 when I run it.

    Regards,

    --Jeroen

    ------------------------------
    Jeroen Tiggelman
    Software Development and Level 3 Support Manager IBM Security zSecure Suite
    IBM
    Delft
    ------------------------------



  • 3.  RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

    IBM Champion
    Posted Fri February 28, 2020 03:48 AM
    You need a list of user ids in RACF, and their first and last activity from ACCESS records:

    newlist type=racf_access_id
       select exists(access_lastuse)
       sortlist id access_firstuse(30) access_lastuse(30)

    Id       First use                      Last use
             25 Feb 2020 03:36:05.792393    25 Feb 2020 22:45:45.168493
    AXRUSER  25 Feb 2020 22:45:02.436973    25 Feb 2020 23:00:27.159929
    CICSUSER 25 Feb 2020 22:54:48.295698    25 Feb 2020 22:54:48.295740
    CICS55   25 Feb 2020 18:19:37.155836    25 Feb 2020 22:52:54.001255
    CKNSERVE 25 Feb 2020 05:13:46.090295    25 Feb 2020 22:50:22.046407
    C2PACMON 24 Feb 2020 23:00:43.210842    24 Feb 2020 23:01:10.707113
    C2POLICE 25 Feb 2020 22:19:50.797892    25 Feb 2020 22:19:50.799003
    C2PSUSER 24 Feb 2020 23:19:50.620559    25 Feb 2020 22:20:01.309333

    These values are stored as TOD (hardware clock) and have limited support for date/time formats.  So we must first convert them to the internal format that zSecure uses:

    newlist type=racf_access_id
       define jul_firstuse as convert(access_firstuse,tod)
       define jul_lastuse as convert(access_lastuse,tod)
       select exists(access_lastuse)
       sortlist id jul_firstuse(30) jul_lastuse(30)

    Id       First use                      Last use
             25 Feb 2020 03:36:05.79        25 Feb 2020 22:45:45.16
    AXRUSER  25 Feb 2020 22:45:02.43        25 Feb 2020 23:00:27.15

    Now, in the convert we change the internal format from date and time into only date and apply the juldate overriding format:

    newlist type=racf_access_id
      define jul_firstuse(juldate) as convert(access_firstuse,tod,date)
      define jul_lastuse(juldate) as convert(access_lastuse,tod,date)
      select exists(access_lastuse)
      sortlist id jul_firstuse jul_lastuse

    Presto:

    Id       First use Last use
             2020/056  2020/056
    AXRUSER  2020/056  2020/056

    CARLa programs are unable to perform mathematics on fields, such as "today-jul_lastuse" so showing how may days ago access_lastuse was is out of scope.  You might want to get in the IP list of the relevant RFE.

    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 4.  RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

    Posted Thu March 05, 2020 08:05 AM
    Thanks, this is plenty to get me going and to better understand how to perform data type conversions in CARLa

    I do fondly recall the topic of "CARLa programs are unable to perform mathematics on fields" and will look to open a related RFE (I'm sure a few are out there already!)

    ------------------------------
    Adam Klinger
    ------------------------------



  • 5.  RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

    Posted Tue February 23, 2021 08:18 AM
    Bumping an old Thread since my question is an extension to the good information already in here.

    Can this method be used to convert a date returned from functions such as max/min? One example of this is the newlist type=racf_access which AM.4 uses and a snippet is below:
    define lastuse(7,"LastUse",noprop) max(access_lastuse)
    define firstuse(7,"Firstuse",noprop) min(access_lastuse)
    Summary lastuse(14)
    ​

    In the above, I'd want the "lastuse" field in the summary section to be a juldate format, my efforts so far have apparently been off track since I've been getting blank fields.




    ------------------------------
    Adam Klinger
    ------------------------------



  • 6.  RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

    IBM Champion
    Posted Tue February 23, 2021 08:45 AM
    Edited by Rob van Hoboken Tue February 23, 2021 09:13 AM

    Hi Adam
    ACCESS_LASTUSE is a TOD field and you can see this with the command FIELDS RACF_ACCESS.
    A statistic of a TOD field, as you showed in the DEFINE command, is still a TOD field.
    Therefore, a SUMMARY of a TOD field shows a TOD (date and time) with limited support for formats.

    In February last year I showed you how to convert the (original) TOD field to a date-time field:
    newlist type=racf_access_id
       define jul_firstuse as convert(access_firstuse,tod)
       define jul_lastuse as convert(access_lastuse,tod)
       select exists(access_lastuse)
       sortlist id jul_firstuse(30) jul_lastuse(30)

    The 3rd parameter of the CONVERT function can change it into a DATE field like so:
    newlist type=racf_access_id
      define jul_firstuse(8,juldate) as convert(access_firstuse,tod,date)
      define jul_lastuse(8,juldate) as convert(access_lastuse,tod,date)
      select exists(access_lastuse)
      sortlist id jul_firstuse jul_lastuse
      summary class jul_firstuse(min) jul_lastuse(max)

    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 7.  RE: zSecure CARLa: ACCESS_FIRSTUSE / ACCESS_LASTUSE Date Formatting

    Posted Wed February 24, 2021 07:39 AM
    Thank you Rob.. the key piece I was overlooking is the ability to specify min / max on the summary statement itself!

    ------------------------------
    Adam Klinger
    ------------------------------