Hi Nathan
One way to get your list of profiles uses the SIMULATE command to make the data set look important (or
sensitive) to zSecure, and then select the profiles that protect these sensitive data sets. Unfortunately, the normal RACF newlist does not know
sensitivity (or SENSTYPE) but RACF_ACCESS does. RACF_ACCESS does not know how to print the ACL, but the individual entries on the Access Control List are available as records (or entries) in this newlist, and the normal profile fields can be referenced using the
implicit lookup operator :
simulate class=dataset senstype=SiteListIt resource=(,
IBMUSER.JOB.CNTL,
SYS1.AOSBN,
)
newlist type=racf_access
define idstar(access_nz) max(access) where id='*'
s priv_senstype=siteListIt
summary profile :uacc :audits :auditf idstar
The result looks like
R A C F A C C E S S A U T H O R I Z A T I O N S 14 Dec 2020 10:42
Profile UACC Success Failure IDSTAR
IBMUSER.*.** NONE READ
SYS1.*.** READ UPDATE UPDATE READ
Note: be sure to enter a comma after each dsname, this builds a
value list.
Also, you must allocate a CKFREEZE data set.
------------------------------
Rob van Hoboken
------------------------------