IBM Security Z Security

Good Morning,

regarding "Table of relocate section variable data" of SMF records type 80 in the manual "Security Server RACF Macros and Interfaces" :

Is there any opportunity to read out contents of such an relocate section by Carla means ?

I saw that there are a couple of Carla fields such as RELOCATE etc. for the SMF newlist but I don't know how handle it .  

I made a few attempts by using define-substring-fuction   define #lyse4 as substring(record,xx,yy) just to extract information out of a SMF 80 record

such as  "Offset to the first relocate section " or "Offset to extended-length relocate sections" .

But then I've got no idea how to go on . 


example: I want to know contents of  "20(14)  8  EBCDIC     Application name (RACROUTE REQUEST=VERIFY and VERIFYX)" 



Can I extract this contents at all ?

Any hint or any idea ?

Best Regards
Rüdiger Lukas

------------------------------
Ruediger Lukas
------------------------------

Hi Rüdiger,

CARLa has the RACF_SECTION function on the DEFINE command for this. RACF_SECTION is briefly described in the list of SMF fields, but the real documentation is in section "Defining fields in SMF records" under the DEFINE command.

You would code something like

define type=smf _applname as racf_section(20)​

I hope this helps,

------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft
------------------------------

Original Message:
Sent: Wed January 12, 2022 06:40 AM
From: Ruediger Lukas
Subject: Relocate Section SMF record type 80

Good Morning,

regarding "Table of relocate section variable data" of SMF records type 80 in the manual "Security Server RACF Macros and Interfaces" :

Is there any opportunity to read out contents of such an relocate section by Carla means ?

I saw that there are a couple of Carla fields such as RELOCATE etc. for the SMF newlist but I don't know how handle it .  

I made a few attempts by using define-substring-fuction   define #lyse4 as substring(record,xx,yy) just to extract information out of a SMF 80 record

such as  "Offset to the first relocate section " or "Offset to extended-length relocate sections" .

But then I've got no idea how to go on . 


example: I want to know contents of  "20(14)  8  EBCDIC     Application name (RACROUTE REQUEST=VERIFY and VERIFYX)" 



Can I extract this contents at all ?

Any hint or any idea ?

Best Regards
Rüdiger Lukas

------------------------------
Ruediger Lukas
------------------------------

Hello Jeroen,

thx a lot !  
Your advice helped and "opened my eyes" .
So it's clear to me how to get the information I need .
I created a short Carla procedure with "RACF_SECTION" and it works properly .

@Rob : Thx for the hint managing the output .​

Best Regards
Rüdiger

------------------------------
Ruediger Lukas
------------------------------

Original Message:
Sent: Wed January 12, 2022 07:08 AM
From: Jeroen Tiggelman
Subject: Relocate Section SMF record type 80

Hi Rüdiger,

CARLa has the RACF_SECTION function on the DEFINE command for this. RACF_SECTION is briefly described in the list of SMF fields, but the real documentation is in section "Defining fields in SMF records" under the DEFINE command.

You would code something like

define type=smf _applname as racf_section(20)​

I hope this helps,

------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft

Original Message:
Sent: Wed January 12, 2022 06:40 AM
From: Ruediger Lukas
Subject: Relocate Section SMF record type 80

Good Morning,

regarding "Table of relocate section variable data" of SMF records type 80 in the manual "Security Server RACF Macros and Interfaces" :

Is there any opportunity to read out contents of such an relocate section by Carla means ?

I saw that there are a couple of Carla fields such as RELOCATE etc. for the SMF newlist but I don't know how handle it .  

I made a few attempts by using define-substring-fuction   define #lyse4 as substring(record,xx,yy) just to extract information out of a SMF 80 record

such as  "Offset to the first relocate section " or "Offset to extended-length relocate sections" .

But then I've got no idea how to go on . 


example: I want to know contents of  "20(14)  8  EBCDIC     Application name (RACROUTE REQUEST=VERIFY and VERIFYX)" 



Can I extract this contents at all ?

Any hint or any idea ?

Best Regards
Rüdiger Lukas

------------------------------
Ruediger Lukas
------------------------------

HI In addition, I find the following useful when debugging / designing reports for RACF 

As Rob mentioned, many , if not most/all RACF fields already have fields meaning you may not need to use that technique for RACF events. It does mean that if you have an old release of zSecure and new RACF maintenance is applied that creates new relocatable sections, you can report on them right away with a bit of CARLa programming.

When debugging / initially designing a report, I find these two techniques useful:

1. Use relocate(hor) to get a list of the relocate sections in your RACF smf record
2  Use dump format to see the whole SMF record 

You can similarly handle standard SMF sections with 
or if in a fixed position and finally, for non RACF records, you may find field recorddesc useful (eventdesc is only for RACF records)

------------------------------
Simon Dodge
------------------------------

Original Message:
Sent: Wed January 12, 2022 08:09 AM
From: Ruediger Lukas
Subject: Relocate Section SMF record type 80

Hello Jeroen,

thx a lot !  
Your advice helped and "opened my eyes" .
So it's clear to me how to get the information I need .
I created a short Carla procedure with "RACF_SECTION" and it works properly .

@Rob : Thx for the hint managing the output .​

Best Regards
Rüdiger

------------------------------
Ruediger Lukas

Original Message:
Sent: Wed January 12, 2022 07:08 AM
From: Jeroen Tiggelman
Subject: Relocate Section SMF record type 80

Hi Rüdiger,

CARLa has the RACF_SECTION function on the DEFINE command for this. RACF_SECTION is briefly described in the list of SMF fields, but the real documentation is in section "Defining fields in SMF records" under the DEFINE command.

You would code something like

define type=smf _applname as racf_section(20)​

I hope this helps,

------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft

Original Message:
Sent: Wed January 12, 2022 06:40 AM
From: Ruediger Lukas
Subject: Relocate Section SMF record type 80

Good Morning,

regarding "Table of relocate section variable data" of SMF records type 80 in the manual "Security Server RACF Macros and Interfaces" :

Is there any opportunity to read out contents of such an relocate section by Carla means ?

I saw that there are a couple of Carla fields such as RELOCATE etc. for the SMF newlist but I don't know how handle it .  

I made a few attempts by using define-substring-fuction   define #lyse4 as substring(record,xx,yy) just to extract information out of a SMF 80 record

such as  "Offset to the first relocate section " or "Offset to extended-length relocate sections" .

But then I've got no idea how to go on . 


example: I want to know contents of  "20(14)  8  EBCDIC     Application name (RACROUTE REQUEST=VERIFY and VERIFYX)" 



Can I extract this contents at all ?

Any hint or any idea ?

Best Regards
Rüdiger Lukas

------------------------------
Ruediger Lukas
------------------------------

If you want to find out the relocate codes that appear in your SMF records, you could use


Now for each of those numbers, you want to see the values produced, so you write


(ne) is short for "not empty" and suppresses output when the variable part of the line is empy. 

Obviously, I tried to generate these lines automatically, using the summary at the top, but summary refuses the RELOCATE field twice at the same summary level.  Silly restriction, but there you have it.  I'm sure you can use Rexx or ISPF Edit to do the repetitive work.

If you want, you can use relocate numbers greater than 255 to cover the extended relocate codes.

------------------------------
Rob van Hoboken
------------------------------

You may also want to add a length value that SORTLIST uses on output, and a title, for the new output field:

define type=smf _applname("Appl",8) as racf_section(20)​​

and you should be aware that many of the SMF fields already have a CARLa field name assigned, I believe APPL reflects relocate 20.  You can also use the data dictionary function (IN.D, information format 2) to print the field names + values found in SMF records that you have in your set of input files.

------------------------------
Rob van Hoboken
------------------------------

Original Message:
Sent: Wed January 12, 2022 06:40 AM
From: Ruediger Lukas
Subject: Relocate Section SMF record type 80

Good Morning,

regarding "Table of relocate section variable data" of SMF records type 80 in the manual "Security Server RACF Macros and Interfaces" :

Is there any opportunity to read out contents of such an relocate section by Carla means ?

I saw that there are a couple of Carla fields such as RELOCATE etc. for the SMF newlist but I don't know how handle it .  

I made a few attempts by using define-substring-fuction   define #lyse4 as substring(record,xx,yy) just to extract information out of a SMF 80 record

such as  "Offset to the first relocate section " or "Offset to extended-length relocate sections" .

But then I've got no idea how to go on . 


example: I want to know contents of  "20(14)  8  EBCDIC     Application name (RACROUTE REQUEST=VERIFY and VERIFYX)" 



Can I extract this contents at all ?

Any hint or any idea ?

Best Regards
Rüdiger Lukas

------------------------------
Ruediger Lukas
------------------------------