Hi Linnea
No doubt, you found out there is no DEFDATE/CREADATE field in the application segments, so RACF does not keep track of the date when a (TSO, OMVS, etc) segment was created.
If you have zSecure Command Verifier installed, you can activate the Command Audit Trail (CAT) for RACF commands that change profiles. Define C4R.*.=CMDAUD.** and RACF commands changing profiles are annotated in the profile that was just modified. The whole resource name is
C4R.class.=CMDAUD.data-type.profile-identificationso you can limit the CAT to, for example, USER profiles by defining C4R.USER.=CMDAUD.** These are switch profiles and do not require PERMITs. Note that CAT entries are stored inside the profile, so the size of profiles will increase. Large groups with frequent changes will get larger.
Now, when CAT is activated, you can issue a RACF LISTxxxx or RLIST command for the profile, and Command Verifier adds an interpretation of the CAT at the end of the command output, like this:
C4R736I Command Audit Trail for USER MYUSER
C4R739I Segment: CICS Changed on 17.005/12:14 by MYUSER
C4R739I Added on 17.005/12:48 by MYUSER
C4R739I Removed on 17.005/12:48 by MYUSER
C4R739I OMVS Added on 16.116/13:58 by RACFADM
C4R739I Changed on 20.168/11:24 by MYUSER
C4R739I TSO Added on 16.116/13:54 by RACFADM
C4R739I Changed on 16.172/16:57 by MYUSER
C4R739I WORK Added on 18.304/10:59 by MYUSER
C4R739I Attrib: SPEC Added on 16.119/12:30 by RACFADM
C4R739I OPER Removed on 18.122/12:16 by MYUSER
C4R739I UAUDIT Added on 18.142/16:38 by MYUSER
C4R739I Removed on 18.142/16:41 by MYUSER
C4R739I AUDITOR Added on 20.073/14:45 by MYUSER
C4R739I Removed on 20.073/14:46 by MYUSER
C4R739I PASSWRD Added on 16.116/13:55 by RACFADM
C4R739I Changed on 17.150/10:58 by HELPDESK
C4R739I INTERV Added on 16.116/13:54 by RACFADM CMD-RC=04
C4R739I REVOKE Removed on 16.309/10:17 by MYUSER
C4R739I RESUME Added on 20.041/16:52 by MYUSER
C4R739I ROAUDIT Added on 18.103/12:33 by MYUSER
C4R739I Removed on 18.311/14:50 by MYUSER
C4R739I OWNER Added on 16.116/13:54 by RACFADM
C4R739I Changed on 19.104/17:16 by MYUSER CMD-RC=04
C4R739I DFLTGRP Added on 16.116/13:54 by RACFADM
C4R739I Changed on 17.221/11:18 by MYUSER
C4R739I NAME Changed on 16.116/13:55 by RACFADM
In the 5th line of this report you see that the OMVS segment was added on 16.116. Unfortunately, there is no CARLa equivalent to this output, so you have to tinker your own CARLa code together. The OMVS segment statistics are kept in a USRDATA field with name $V4RSOMVS and we can print it like so:
n type=racf
define CAT_OMVS subselect usr(usrnm=$C4RSOMV)
s c=user usrnm=$C4RSOMV
sortlist profile(8) CAT_OMVS
Output for the same user ID looks like:
Profile CKGRACF data
MYUSER $C4RSOMV 00 A,16116/1358,RACFADM,00;C,20168/1124,MYUSER,00
All you have to do is write the $C4RSOMV entries to a flat file, find the "A" sections (added), translate the julian date into usable information and print it. I would give you a two-pass CARLa but unfortunately it is unable to translate the JULDATE field properly. Rexx is your go to.
Alternatively, you could use SMF because those ALTUSER xxx OMVS( ) commands are surely visible in SMF.
newlist type=smf title="Adding/modifying OMVS segment fields"
select event=altuser racfcmd_keywords=omvs date>=today-7
sortlist date time user("Admin") racfcmd(hor,0)
results in
Date Time User RACF cmd
16 Jun 2020 11:24 MYUSER ALTUSER MYUSER OMVS(UID(0))
Adding those extra fields:
userid is racfcmd_user
name is racfcmd_user:name
uid is racfcmd_user:uid
but there is no lookup for the CSDATA segment fields, so you have to add those from an external file.
------------------------------
Rob van Hoboken
------------------------------