IBM Security Z Security

 View Only
Expand all | Collapse all

Doing a dataset report with 'show differences' -

  • 1.  Doing a dataset report with 'show differences' -

    Posted Wed August 10, 2022 02:44 PM

    Doing a dataset report with 'show differences'

    Access list userid differences are shown.

    If a user was present in the base database, with READ access to a file, and no access on the target, one would add the user to the ACL on the target.

    Question is - at what level of access? Can the compare function display not only the userid but the access level it has?


    #ZSecurity
    #SupportMigration
    #Support


  • 2.  RE: Doing a dataset report with 'show differences' -

    Posted Thu August 11, 2022 11:56 PM

    I just ran the RA.D report

    I have this entry with two records

    Profile key # Type UACC Owner CRMBMVB.** 2 GENERIC ALTER CRMBMVB

    If I drill down into that profile, I see this.

    Profile key # Type UACC Owner S/F CRMBMVB.** 2 GENERIC ALTER CRMBMVB R Profile key Type UACC Owner S/F W CRMBMVB.** GENERIC NONE CRMBMVB R CRMBMVB.** GENERIC ALTER CRMBMVB R

    Scrolling to the right, I can see the systems to which these accesses apply

    Profile key # Type UACC Owner S/F CRMBMVB.** 2 GENERIC ALTER CRMBMVB R Profile key E SgF ID(*) Complex Notify CRMBMVB.** TVT8010 CRMBMVB.** TVT8011

    Now it is a matter of deciding which of these two accesses is the one I want and then making the changes.

    Hopefully, this gives you what you were wanting. if not, please explain a little more as to what you are wanting to accomplish.


    #ZSecurity
    #Support
    #SupportMigration


  • 3.  RE: Doing a dataset report with 'show differences' -

    Posted Wed August 24, 2022 03:26 PM

    Sorry - its been a while

    The report I have is a compare - a sample line is added below

    Clasname Profname Compare result CHG USERID(userid->)

    Also

    Clasname Profname Compare result CHG USERID(userid1,userid2,userid3->)

    I need to generate PERMIT commands based on this but I don't have the Access level that userid has on the profile.

    The report is genned from carla like this

    symbolic num compareopt=1

    DEFAULT COMPAREOPT_SHOW=(CHG)

    DEFINE TYPE=* HELPPANEL=CKRT3SHD COMPARE_CHANGES(CMPCHG,0,WW,HEADER),

    COMPARE_CHANGES

    DEFINE TYPE=* HELPPANEL=CKRT3SHD COMPARE_RESULT(NOSORTLIST,NODETAIL),

    COMPARE_RESULT

    n n=based3 segment=base required allowrestrict header=no nopage retain

    s s=base c=*

    exclude c=digt*

    exclude c=group

    exclude c=jesspool

    exclude c=kerblink

    exclude c=logstrm

    exclude c=ptktdata

    exclude c=sdsf

    exclude c=servauth

    exclude c=server

    exclude c=user

    exclude c=vtamappl

    exclude c=xfacilit

    sortlist complex class,

    key(50),

    (compareopt=1 ? compare_result(p,d),),

    (compareopt=1 ? COMPARE_CHANGES)

    It would be great to add the highest access for each user to each user and also to flatten the output so 1 userid on on each line along with its highest access, for example

    CHG USERID(userid1->,Update)

    CHG USERID(userid2->,READ)

    etc etc .

    Any suggestions?


    #ZSecurity
    #SupportMigration
    #Support