Hi Mikael,
After some consideration I think your observation might be a match to APAR OA61474, which development seeks to resolve in a future edition of the product.
This APAR is nominally about RACF_PROFILE not being filled in for TYPE=RESOURCE, but I believe this effect might also extend to TYPE=AS_DD. It is clearly about a failure in correctly analyzing a shared DASD configuration.
The level of detail in your description is insufficient to determine if the cause is the same, but it is also rather unlikely we would get very far there without spending a lot of time with looking at what happens with the complete CKFREEZE files etc., which might be more than you would like to share, and more work for us to analyze than we would be particularly charmed with, too. So I am not sure if you will find it worth opening an additional Case at this time.
Regards,
--Jeroen
P.S. The term "Problem Management Record" was tied to a prior tool we moved away from a few years ago, so I avoid using it now.
------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft
------------------------------
Original Message:
Sent: Mon January 23, 2023 08:29 AM
From: Mikael Rasmussen
Subject: CARLA reports on AS_DD do not always resolve RACF_PROFILE
We are now running version 2.5.0 of all zSecure products.
I do believe though, that I have seen the same misbehavior on version 2.4.0 as well.
CKR0615 does appear, and I interpret it in the way that it perceives my input as a single sysplex (Complex only appears on the first line).
It appears arbitrary to me - even though I know that nothing in IT is truly arbitrary, not even random functions.
The odd thing about this is that we have two sysplex´es with more or less the same setup. On one of them I see the error and on the other I don´t.
If there are no obvious explanations, what would be the appropriate information in a PMR?
------------------------------
Mikael Rasmussen
Senior Mainframe Security Engineer
Danske Bank
Brabrand
+4540766221
Original Message:
Sent: Fri January 20, 2023 06:18 AM
From: Mikael Rasmussen
Subject: CARLA reports on AS_DD do not always resolve RACF_PROFILE
I have developed a number of compliance reports in CARLA that uses the AS_DD type to assess the RACF protection of e.g. DB2 log datasets.
My experience is that in some cases, the RACF_PROFILE field - and hence also a number of deducted fields - are not resolved.
The input for the reports is a RACF unload and a number of CKFREEZE files - one per lpar in the sysplex.
The result may vary from time to time. In some cases, the RACF_PROFILE is always resolved, yet in other cases it may be missing on records from one or more of the lpars. If I generate the same report on only one CKFREEZE file, the RACF_PROFILE is always resolved.
Has anyone had similar experiences with AS_DD or similar types (e.g. DSN) where a RACF profile name is resolved from a resource name?
Or maybe even a suggested solution?
------------------------------
Mikael Rasmussen
Senior Mainframe Security Engineer
Danske Bank
Brabrand
+4540766221
------------------------------