IBM Security Z Security


Displaying Access List of General Resources and adding CSDATA

  • 1.  Displaying Access List of General Resources and adding CSDATA

    Posted Tue June 16, 2020 01:39 PM
    We are wanting to report on users that have attributes like SPECIAL, AUDITOR, and ROAUDIT. As part of the output they are wanting to display several fields from CSDATA segment like HRID and Accounting Unit (AU). I was successfully able to do that for the System and Group level attributes and for CLAUTH.

    But we are also using CTLSPEC in Command Verifier. So I wanted to list all the users that had access to the various profiles that match the mask of C4R.*.=CTLSPEC. That part is not an issue. But what I can't seem to get to work is when the ACL is resolved how to insert some of the CSDATA segment fields to the report. Is this possible?

    ------------------------------
    Linnea Sullivan
    ------------------------------


  • 2.  RE: Displaying Access List of General Resources and adding CSDATA

    IBM Champion
    Posted Wed June 17, 2020 06:04 AM
    Edited by Rob van Hoboken Wed June 17, 2020 06:19 AM

    Hi Linnea
    I assume you were using a DEFTYPE file with user ID and corresponding CSDATA value, and a look-up from ACL? ACL is actually not (just) the user ID, but a structure of information. Even when you modify ACL into ACL(ACLID) or ACL(RESOLVE,ACLID), internally it still is not the 8 byte field that you need for the look-up.
    You could write the whole XFACILIT profile report to an external data set using

    newlist type=racf retain nopage dd=$PROFLST
      select class=xfacilit filter=c4r.**
      sortlist profile acl(resolve)

    then in the next JCL step, you read the $PROFLST dd name into 2 columns
    profile (44 bytes)
    userid (8 bytes)
    access (7 bytes)

    and with the 8 byte user ID value, you can do a DEFTYPE look-up.



    ------------------------------
    Rob van Hoboken
    ------------------------------
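
The join described in the reply above, sketched off-host in Python as an added example; it is not code from the thread or from zSecure. The column widths (44, 8, 7) come from the post; the single-blank column separators, the blank profile column on continuation lines, and all profile names, user IDs and CSDATA values are constructed assumptions.

```python
# Added example: join the flat ACL report to CSDATA values off-host.
# Widths come from the post; the single-blank separators, the blank-profile
# continuation lines and all sample values are assumptions / constructed.
PROFILE_W, USERID_W, ACCESS_W = 44, 8, 7
U0 = PROFILE_W + 1            # user ID column start
A0 = U0 + USERID_W + 1        # access column start

def parse_report(lines):
    """Return (profile, userid, access) tuples from fixed-width lines."""
    rows, current = [], None
    for raw in lines:
        line = raw.rstrip("\r\n").ljust(A0 + ACCESS_W)
        profile = line[:PROFILE_W].strip()
        userid = line[U0:U0 + USERID_W].strip().upper()
        access = line[A0:A0 + ACCESS_W].strip().upper()
        if profile:
            current = profile          # a new profile starts on this line
        if current is None or not userid:
            continue                   # blank line, or no profile seen yet
        rows.append((current, userid, access))
    return rows

def enrich(rows, csdata):
    """Attach HRID and AU per ACL entry; None when the ID has no CSDATA."""
    out = []
    for profile, userid, access in rows:
        seg = csdata.get(userid, {})
        out.append({"profile": profile, "userid": userid, "access": access,
                    "hrid": seg.get("hrid"), "au": seg.get("au")})
    return out

def without_csdata(enriched):
    """ACL entries that cannot be tied to an HR record."""
    return [(e["profile"], e["userid"]) for e in enriched if e["hrid"] is None]

def _row(profile, userid, access):
    return f"{profile:<{PROFILE_W}} {userid:<{USERID_W}} {access:<{ACCESS_W}}"

SAMPLE_REPORT = [   # constructed report lines
    _row("C4R.USER.=CTLSPEC", "ADMIN01", "UPDATE"),
    _row("", "ADMIN02", "READ"),
    "",
    _row("C4R.GROUP.=CTLSPEC", "ADMIN01", "CONTROL"),
    _row("", "STCUSR1", "READ"),
]
SAMPLE_CSDATA = {   # constructed: user ID -> CSDATA fields
    "ADMIN01": {"hrid": "H000123", "au": "AU4410"},
    "ADMIN02": {"hrid": "H000456", "au": "AU4410"},
}
```

Entries returned by `without_csdata` are the ones to review first: IDs with access to a CTLSPEC profile but no HRID to tie them to a person.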