I'm using some of the zSecure panels to model some CARLa code to report on resources in the CDT for the Omegamon products. See the following result of my madness:
Enter GO or RUN to execute commands, SUB or SUBMIT to generate batch job
n n=OMEGAMON segment=base required allowrestrict header=no,
,
tt="OMEGAMON Products-UACC(NONE) AUDIT(ALL(READ))"
def singledsn("Only one data set per volume",flag,p) boolean,
where(singleds)
s c=general and s=base c=O*CANDL1 ,
key=CICS.*.INITIAL or key=CICS.*.INITIAL0 or
key=CICS.*.INITIAL1 or key=CICS.*.INITIAL2 or
key=CICS.*.INITIAL3 or key=CICS.*.INITIAL4 or
key=DB2*.INITIAL or key=DB2*.INITIAL0 or
key=DB2*.INITIAL1 or key=DB2*.INITIAL2 or
key=DB2*.INITIAL3 or key=DB2*.INITIAL4 or
key=MVS*.INITIAL or key=MVS*.INITIAL0 or
key=MVS*.INITIAL1 or key=MVS*.INITIAL2 or
key=MVS*.INITIAL3 or key=MVS*.INITIAL4
sortlist class(tt,page) complex(nd,page) searchkey(nd) segment(nd),
"complex"(tt) complex(tt) stamp(tt) segment(tt),
searchkey(nondispl),
/ "= = = = = = = = = = = = = = = = = = = = = = = ="(cp(7)) "= = = = =
= = = = = = = = =",
/ "Identification",
/ "--------------",
/ class(p),
/ key(0,wrap,p,"Profile name"),
/ proftype(p),
/ owner(p) owner:name owner:instdata(0,wrap),
/ volser(p,0,hor,notempty,ww),
/ ,instdata(p,0,wrap,ne),
/ appldata(p,wrap,notempty,0), ,
/ acl(sort(USER),header,resolve,51) acl:revoke(hb,1) |,
/ acl:revoke_inactive(hb,1) acl:name(trunc) acl:dfltgrp(trunc),
/ acl:instdata(0,trunc),
/ / memlst(header,0,sort,hor,ww),
/ / "Safeguards"(38,cp(6)) "Other permissions",
/ "----------"(38) "-----------------",
/ notify(8,p) warning(p,yesno),
/ audits(8,p) uacc(p),
/ auditf(8,p) level(d,p),
/ gaudits(p,allowrestrict,notempty),
/ gauditf(p,allowrestrict,notempty),
/ singledsn(p,ne),
/ / "Mandatory Access Control"(38,cp(5)) "Statistics",
/ "------------------------"(38) "----------",
/ seclabel(p) defdate(p,9),
/ seclevel(p,notempty),
/ category(p,hor,wrap,0,notempty),
/ auditconcern(d,header,ct,0,wordwrap),
/ userdata(header,0),
/ cngauth(header,0),
/ cmdspend(header,0),
/ cmdsact(header,0),
/ cmdsinact(header,0),
/ cmdsexec(header,0),
/ ckgauth_internal(header),
/ cngother(header,0)
The above CARLa program will create this report for me:
OMEGAMON Products-UACC(NONE) AUDIT(ALL(READ))OCCANDL1 complex TPX 30Jan2024 02:00 BASE
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Identification
--------------
Class OCCANDL1
Profile name CICS.*.INITIAL
Type GENERIC
Owner DATASEC AADB - SECURITY ADMINISTRATION SERVICES
Safeguards Other permissions
---------- -----------------
User to notify of violation Allow all accesses WARNING No
Audit success access level Universal access authority NONE
Audit failures access level READ Resource level 0
Mandatory Access Control Statistics
------------------------ ----------
Security label Creation date 22Sep2006
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Identification
--------------
Class OCCANDL1
Profile name CICS.*.INITIAL0
Type GENERIC
Owner DATASEC AADB - SECURITY ADMINISTRATION SERVICES
Safeguards Other permissions
---------- -----------------
User to notify of violation Allow all accesses WARNING No
Audit success access level Universal access authority READ
Audit failures access level READ Resource level 0
Mandatory Access Control Statistics
------------------------ ----------
Security label Creation date 22Sep2006
So far so good (I think) but how would I add to this code to list the access list of userid's who are permitted to these different type 'INITIALn' resources? I haven't been able to adjust or discover just using the panels and testing different selections. I'm hoping you see a tweak to get that information on the report (if possible). I'm enjoying our auditor ad-hoc requests for information and using zSecure. ☹