IBM Security Z Security

I have a requestor that wants to Init Counter on the default group, when they try it they see a CGINITCT value of typically zero for most groups except for the dfltgrp.   This is the only thing that runs successfully, but it gives a value for every group connected:

 n n=baseu1 segment=BASE required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT,
  complex

I thought I may have to do some SUBSELCT on the connection to get the value just for the DFLTGRP, but so far all I get is syntax errors.  Can you point me in the right direction?

Hi Linnea,

SUBSELECT acts on the CONNECTS repeated field, but that field does not show the counter for the number of RACINITs using that connect (CGINITCT).

What you could do is use RETAIN to print the value of all fields on all lines and then run another pass to discard the records that have a count of 0.

I do not believe that you achieve what you want in a single pass.

alloc type=output dd=x dsn=your.temp.data.setn nopage header=column retain dd=x                       s s=base c=user mask=rb1*                             sortlist key(8) dfltgrp CGINITCT complex             

then

deftype type=@                           alloc type=@ dsn=your.temp.data.setn nopage type=@                            def count as substr(record,19,5)         x count='    0'                          list record                           

I hope this helps,

I have a requestor that wants to Init Counter on the default group, when they try it they see a CGINITCT value of typically zero for most groups except for the dfltgrp.   This is the only thing that runs successfully, but it gives a value for every group connected:

 n n=baseu1 segment=BASE required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT,
  complex

I thought I may have to do some SUBSELCT on the connection to get the value just for the DFLTGRP, but so far all I get is syntax errors.  Can you point me in the right direction?

Hi Linnea

CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID.  Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.

Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in  reverse order, and showing only the first entry of the list, like so

 n n=logonct required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT(sort(descending),firstonly),
  complex

------------------------------
Rob van Hoboken
------------------------------

So if on my ALLOC of the RACF DB, I did zsecnode=*, I will have an entry in the report for each node.

If I removed COMPLEX there is really no way for Carla to add the CGINITCT from all the nodes.     Best I could do is used MAX to give me the largest count from the nodes. 

Correct?

Hi Linnea

CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID.  Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.

Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in  reverse order, and showing only the first entry of the list, like so

 n n=logonct required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT(sort(descending),firstonly),
  complex

------------------------------
Rob van Hoboken
------------------------------

I cannot try this at home but you might be able to sum up the CGINITCT to get an approximation of the number of logons per user like so

 n n=initsum nopage header=column
  s s=base c=user mask=rb1*
  define cginitsum sum(cginitct)
  summary  ,
  key(8),
 max(dfltgrp),
 cginitsum

This would add up the cginitct values from all the RACF input sources for the user ID.  I have added a MAX( ) around dfltgrp, just in case the default group for your user IDs is not 100% consistent.  MAX( ) turns this normal field into a statistic, so different values no longer cause a split up of the user ID's summary.

Let us know if this gives you a syntax error, or if it works ;-).

So if on my ALLOC of the RACF DB, I did zsecnode=*, I will have an entry in the report for each node.

If I removed COMPLEX there is really no way for Carla to add the CGINITCT from all the nodes.     Best I could do is used MAX to give me the largest count from the nodes. 

Correct?

Hi Linnea

CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID.  Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.

Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in  reverse order, and showing only the first entry of the list, like so

 n n=logonct required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT(sort(descending),firstonly),
  complex

------------------------------
Rob van Hoboken
------------------------------

I cannot try this at home but you might be able to sum up the CGINITCT to get an approximation of the number of logons per user like so

 n n=initsum nopage header=column
  s s=base c=user mask=rb1*
  define cginitsum sum(cginitct)
  summary  ,
  key(8),
 max(dfltgrp),
 cginitsum

This would add up the cginitct values from all the RACF input sources for the user ID.  I have added a MAX( ) around dfltgrp, just in case the default group for your user IDs is not 100% consistent.  MAX( ) turns this normal field into a statistic, so different values no longer cause a split up of the user ID's summary.

Let us know if this gives you a syntax error, or if it works ;-).

So if on my ALLOC of the RACF DB, I did zsecnode=*, I will have an entry in the report for each node.

If I removed COMPLEX there is really no way for Carla to add the CGINITCT from all the nodes.     Best I could do is used MAX to give me the largest count from the nodes. 

Correct?

Hi Linnea

CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID.  Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.

Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in  reverse order, and showing only the first entry of the list, like so

 n n=logonct required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT(sort(descending),firstonly),
  complex

------------------------------
Rob van Hoboken
------------------------------

I had to tweak it a little to run it successfully:

alloc type=racf active primary zsecnode=*
 n n=initsum nopage header=column
  s s=base c=user mask=rb1*
  define cginitsum sum(cginitct)
  summary  ,
  key(8),
 dfltgrp(max),
 cginitsum,
           last_connect_date($date,max)

However the CGINITSUM is all zeros.   I do get last connect dates that are accurate.

I cannot try this at home but you might be able to sum up the CGINITCT to get an approximation of the number of logons per user like so

 n n=initsum nopage header=column
  s s=base c=user mask=rb1*
  define cginitsum sum(cginitct)
  summary  ,
  key(8),
 max(dfltgrp),
 cginitsum

This would add up the cginitct values from all the RACF input sources for the user ID.  I have added a MAX( ) around dfltgrp, just in case the default group for your user IDs is not 100% consistent.  MAX( ) turns this normal field into a statistic, so different values no longer cause a split up of the user ID's summary.

Let us know if this gives you a syntax error, or if it works ;-).

So if on my ALLOC of the RACF DB, I did zsecnode=*, I will have an entry in the report for each node.

If I removed COMPLEX there is really no way for Carla to add the CGINITCT from all the nodes.     Best I could do is used MAX to give me the largest count from the nodes. 

Correct?

Hi Linnea

CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID.  Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.

Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in  reverse order, and showing only the first entry of the list, like so

 n n=logonct required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT(sort(descending),firstonly),
  complex

------------------------------
Rob van Hoboken
------------------------------

That's odd. (I take it that you know that not all CGINITCTs are actually zeroes.)

I do not believe the allocation method of the databases can influence this.

It works for me. So I guess that if you want more diagnostics that probably requires opening a Case and sharing the databases oslt.

I had to tweak it a little to run it successfully:

alloc type=racf active primary zsecnode=*
 n n=initsum nopage header=column
  s s=base c=user mask=rb1*
  define cginitsum sum(cginitct)
  summary  ,
  key(8),
 dfltgrp(max),
 cginitsum,
           last_connect_date($date,max)

However the CGINITSUM is all zeros.   I do get last connect dates that are accurate.

I cannot try this at home but you might be able to sum up the CGINITCT to get an approximation of the number of logons per user like so

 n n=initsum nopage header=column
  s s=base c=user mask=rb1*
  define cginitsum sum(cginitct)
  summary  ,
  key(8),
 max(dfltgrp),
 cginitsum

This would add up the cginitct values from all the RACF input sources for the user ID.  I have added a MAX( ) around dfltgrp, just in case the default group for your user IDs is not 100% consistent.  MAX( ) turns this normal field into a statistic, so different values no longer cause a split up of the user ID's summary.

Let us know if this gives you a syntax error, or if it works ;-).

So if on my ALLOC of the RACF DB, I did zsecnode=*, I will have an entry in the report for each node.

If I removed COMPLEX there is really no way for Carla to add the CGINITCT from all the nodes.     Best I could do is used MAX to give me the largest count from the nodes. 

Correct?

Hi Linnea

CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID.  Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.

Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in  reverse order, and showing only the first entry of the list, like so

 n n=logonct required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT(sort(descending),firstonly),
  complex

------------------------------
Rob van Hoboken
------------------------------

So if on my ALLOC of the RACF DB, I did zsecnode=*, I will have an entry in the report for each node.

If I removed COMPLEX there is really no way for Carla to add the CGINITCT from all the nodes.     Best I could do is used MAX to give me the largest count from the nodes. 

Correct?

Hi Linnea

CGINITCT is a neat way to estimate the number of logons for a user ID, well at least show a relative measure for the activity of an ID.  Note that the connect group statistics are not propagated in an RRSF environment, so you will also have an idea where the ID authenticated.

Since only 1 group has the CGINITCT value set (most of the time), you can probably get away with sorting the count in  reverse order, and showing only the first entry of the list, like so

 n n=logonct required nopage header=column
  s s=base c=user mask=rb1*
  sortlist ,
  key(8),
  dfltgrp,
  CGINITCT(sort(descending),firstonly),
  complex

------------------------------
Rob van Hoboken
------------------------------