Greetings, I have gone down the path of using CARLa to check WHEN(PROGRAM) Permits, with the goals of checking things such as:
- Ensuring the PROGRAM specified on the permit actually exists somewhere on the system
- Ensuring the Dataset(s) the PROGRAM reside(s) in are defined as members in the RACF PROGRAM class
Starting down this path, I didn't find anything under the RE.P.P panels along these lines, so I went to see what I could do with CARLa. First, I wanted to capture all WHEN(PROGRAM) Permits in RACF using something like:
    newlist type=racf nodup pl=0 nopage header=column retain
    define sub_acl subselect acl(whenclass(PROGRAM))
    select segment=base acl(whenclass(PROGRAM))
    sortlist,
        class,
        profile,
        sub_acl("ACL Type",8),
        sub_acl("ACL ID",aclid),
        sub_acl("Access",aclaccess),
        sub_acl("Via",aclvia,0)
This displayed data similar to the below for the "ACL ID", "Access" and "Via" fields:
    ACL ID                  Access                  Via
    ADAM(PROGRAM=GOODPROG)  ALTER,PROGRAM=GOODPROG  ADAM PROGRAM GOODPROG
However, is there a way in CARLa to only return the "GOODPROG" program name? I have been able to send this to an output dataset and then read it in again with a custom deftype and 2-pass newlist type=r_pgm CARLa to find the related dataset names the modules reside in, but this is far from ideal.
Appreciate any guidance, especially if something similar to this already exists that I'm overlooking in the "AU" Audit checks available.
------------------------------
Adam Klinger
------------------------------