DISPLAY/PUNCH ALL Syntax for Security Definitions

In addition to using DISPLAY and PUNCH syntax for specific resource definitions in a CA IDMS security database, you can issue either a DISPLAY ALL or PUNCH ALL statement for an entity type to display or punch all occurrences defined within that entity type. For example, you can issue a DISPLAY ALL RESOURCE AREAS to see the security definitions for all areas secured in a security database. You can also select occurrences of an entity type to display or punch by specifying the following:
idms19
In addition to using DISPLAY and PUNCH syntax for specific resource definitions in a CA IDMS security database, you can issue either a DISPLAY ALL or PUNCH ALL statement for an entity type to display or punch all occurrences defined within that entity type. For example, you can issue a DISPLAY ALL RESOURCE AREAS to see the security definitions for all areas secured in a security database. You can also select occurrences of an entity type to display or punch by specifying the following:
  • Conditional expressions
  • First occurrence of the entity type
  • Last occurrence of the entity type
  • A specific number of occurrences
Choosing Which Entity Occurrences to Display
The DISPLAY and PUNCH ALL syntax supports a variety of selection criteria to select occurrences to DISPLAY or PUNCH. You can use a conditional expression with Boolean criteria to select occurrences, including a mask comparison. The mask comparison supports the use of different keywords for each entity type. A table of keywords by entity type is presented in Usage.
Issue Statements from CA IDMS Command Facility
You can issue DISPLAY/PUNCH statements from either the Online (OCF) or Batch (BCF) Command Facility.
Syntax
►►─┬─ DISplay ─┬─┬── ALL ──────────────────────────┬─ 
entity-type
 ────────────►    └─ PUNch ───┘ └─┬─ FIRst ─┬──┬────────────────┬─┘                    └─ LASt ──┘  ├─ 1 ◄───────────┤                                 └─ 
entity-count
 ─┘  ►─┬────────────────────────────────┬─────────────────────────────────────────►    └─ WHEre 
conditional-expression
 ─┘  ►─┬────────────────────────┬─────────────────────────────────────────────────►    └─ VERB ─┬─ DISplay ◄──┬─┘             ├─ PUNch  ────┤             ├─ CREate ────┤             ├─ ALTer  ────┤             └─ DROp   ────┘  ►─┬─────────────────────┬────────────────────────────────────────────────────►    └─ AS ─┬─ COMments ─┬─┘           └─ SYNtax ───┘
Expansion of Conditional-Expression
►►─┬─ 
mask-comparison
 ────────────────────────┬───────────────────────────────►    ├─ 
value-comparison
 ───────────────────────┤    └─┬───────┬─ ( ─┬─ 
mask-comparison
 ──┬─ ) ─┘      └─ NOT ─┘     └─ 
value-comparison
 ─┘    ►─┬────────────────────────────────────────────────────────────┬─────────────►◄    │ ┌────────────────────────────────────────────────────────┐ │    └─▼─┬─ AND ─┬─┬─ 
mask-comparison
 ────────────────────────┬─┴─┘        └─ OR ──┘ ├─ 
value-comparison
 ───────────────────────┤                  └─┬───────┬─ ( ─┬─ 
mask-comparison
 ──┬─ ) ─┘                    └─ NOT ─┘     └─ 
value-comparison
 ─┘
Expansion of Mask-Comparison
►►─── 
entity-option-keyword
 ──────────────────────────────────────────────────►    ►─┬─ CONTAINs ─┬─ '
mask-value
' ──────────────────────────────────────────────►◄    └─ MATCHES ──┘
Expansion of Value-Comparison
►►─┬─ '
character-string-literal
' ─┬───────────────────────────────────────────►    ├─ 
numeric-literal
 ────────────┤    └─ 
entity-option-keyword
 ──────┘    ►─┬─ IS ─┬───────┬─────────┬─┬─ '
character-string-literal
' ─┬────────────────►◄    │      └─ NOT ─┘         │ ├─ 
numeric-literal
 ────────────┤    ├─ NE ───────────────────┤ └─ 
entity-option-keyword
 ──────┘    └─┬───────┬─┬─┬─ EQ ─┬─┬─┘      └─ NOT ─┘ │ └─ = ──┘ │                ├─┬─ GT ─┬─┤                │ └─ > ──┘ │                ├─┬─ LT ─┬─┤                │ └─ < ──┘ │                ├─ GE ─────┤                └─ LE ─────┘
Parameters
 
  • ALL
    Lists all occurrences of the requested entity type that the current user is authorized to display.
    Online users
    : With a large number of entity occurrences, ALL may have a slow response time.
  • FIRst
    Lists the first occurrence of the named entity type.
  • LASt
    Lists the last occurrence of the named entity type.
  • entity-count
    Specifies the number of occurrences of the named entity type to list. 1 is the default.
  • entity-type
    Identifies the entity type that is the object of the DISPLAY/PUNCH ALL request. Valid values appear in the table in Usage.
  • VERB DISplay/PUNch/CREate/ALTer/DROp
    Specifies the verb that is to accompany DISPLAY/PUNCH output. DISPLAY is the default.
  • AS SYNtax
    Specifies that the text output by the DISPLAY/PUNCH verb is to appear as syntax. In an online session, text displayed as syntax can be edited and resubmitted to the command facility. If the PUNCH command is issued in batch mode, the batch command facility directs the output to the SYSPCH file, where it can be edited and subsequently resubmitted.
  • AS COMments
    Specifies that the text output by the DISPLAY/PUNCH verb be formatted as comments; comments are preceded by *+ and are ignored by the command facility.
  • WHEre conditional-expression
    Specifies criteria to be used in selecting occurrences of the requested entity type.
    The outcome of a test for the condition determines which occurrences of the named entity type are displayed.
  • mask-comparison
    Compares an entity type operand with a mask value.
    • entity-option-keyword
      Identifies the left operand as a syntax option associated with the named entity type. The table in Usage lists valid options for each entity type.
    • CONTAINs
      Searches the left operand for an occurrence of the right operand. The length of the right operand must be less than or equal to the length of the left operand. If the right operand is not contained entirely in the left operand, the outcome of the condition is false.
    • MATCHES
      Compares the left operand with the right operand one character at a time, beginning with the leftmost character in each operand. When a character in the left operand does not match a character in the right operand, the outcome of the condition is false.
    • '
      mask-value
      '
      Identifies the right operand as a character string; the specified value must be enclosed in quotation marks. 
      Mask-value
       can contain the following special characters:
@
Matches any alphabetic character in
entity-option-keyword
.
#
Matches any numeric character in
entity-option-keyword
.
*
Matches any character in
entity-option-keyword
.
  • value-comparison
    Compares values contained in the left and right operands based on the specified comparison operator.
    • '
      character-string-literal
      '
      Identifies a character string enclosed in quotes.
    • numeric-literal
      Identifies a numeric value.
    • entity-option-keyword
      Identifies a syntax option associated with the named entity type; valid options for each entity type are listed in the table presented in Usage.
    • IS
      Specifies that the left operand must equal the right operand for the condition to be true.
    • NE
      Specifies that the left operand must 
      not
       equal the right operand for the condition to be true.
    • EQ/=
      Specifies that the left operand must equal the right operand for the condition to be true.
    • GT/>
      Specifies that the left operand must be greater than the right operand for the condition to be true.
    • LT/<
      Specifies that the left operand must be less than the right operand for the condition to be true.
    • GE
      Specifies that the left operand must be greater than or equal to the right operand for the condition to be true.
    • LE
      Specifies that the left operand must be less than or equal to the right operand for the condition to be true.
  • NOT
    Specifies that the opposite of the condition fulfills the test requirements. If NOT is specified, the condition must be enclosed in parentheses.
  • AND
    Indicates the expression is true only if the outcome of both test conditions is true.
  • OR
    Indicates the expression is true if the outcome of either one or both test conditions is true.
Usage
Output Contains Only Enough Information to Display/Punch Entity
Output produced by DISPLAY or PUNCH ALL consists only of the information necessary to execute a DISPLAY/PUNCH request for each entity occurrence. For example, Resource DMCL occurrences are displayed with their name, and AREA occurrences with their fully qualified name (that is, segmentname.areaname). In an online session, the user can execute the displayed statements by pressing [Enter]. This two-step process allows the user to scan the names of entity occurrences related to the database in which the statement is issued.
Valid Entity Types and Option Keywords for Conditional Expressions
The following table lists valid entity types and keywords that you can specify as 
entity-type
 and 
entity-option-keyword
 in the DISPLAY ALL and PUNCH ALL syntax.
Entity type
Entity-option keyword
Selects based on
All Security components
 
 
 
NAMe
FULl NAMe
RESource NAMe
CREated by
PREpared by
LASt UPDated by
REVised by
DATe last UPDated
MONth last UPDated
DAY last UPDated
YEAr last UPDated
DATe CREated
MONth CREated
DAY CREated
YEAr CREated
Unqualified Name (1)
Qualified Name (1)
Unqualified Name
(Resources only) (1)
User who created occurrence
User who created occurrence
User who last updated
occurrence
User who last updated
occurrence
Date (MM/DD/YY) occurrence
last updated
Month occurrence last updated
Day occurrence last updated
Year occurrence last updated
Date (MM/DD/YY) occurrences
created
Month occurrence created
Day occurrence created
Year occurrence created
.tabreak
Global Security components
GROups
GROup name
STAtus
Name (ID) of Group
Status of GROUP
(ACTIVE, INACTIVE,
LOGICALLY DELETED)
USErs
USEr name
STAtus
FULl NAMe
PROfile
Name (ID) of User
Status of USER
(ACTIVE, INACTIVE,
LOGICALLY DELETED)
Full Name of User
Profile assigned to User
USEr PROfiles
USEr PROfile name
PROfile name
Profile Name
Profile Name
Physical Database Security components
RESource AREas
resource AREa NAMe
SEGment name
Unqualified AREA name (1)
Area's segment name
RESource DBs
resource DB NAMe
Name of Database
RESource
DBTables
resource DBTable NAMe
Name of DBTable
RESource DMCls
resource DMCL NAMe
Name of DMCL
RESource NONsql
SCHEmas
resource NONSQL
SCHEma NAME
Name of NON SQL Schema
SQL Security Components
RESource ACCess
MODules
or
RESource AMS
resource ACCess
MODule NAMe
resource AM NAMe
AM NAMe
SCHema name
Unqualified Name of
Access Module (1)
Unqualified Name of
Access Module (1)
Unqualified Name of
Access Module (1)
Schema Name of Access Module
RESource SCHemas
resource SCHema NAMe
Name of SQL Schema
RESource TABles
resource TABle NAMe
SCHema NAMe
Unqualified Name of Table (1)
Schema Name of Table
System Security Components
RESource
ACTivities
resource ACTivity name
NUMber
Name of Activity
Activity Number
RESource
CATegories
resource CATegory NAMe
NUMber
Name of Category
Category Number
RESource SYStems
resource SYStem NAMe
Name of System
SYStem PROfiles
system PROfile NAMe
Profile Name
The following
Resource Category Components
can be selected using the specified entity-option keyword (in addition to those specified in the preceding Resource Categories).
RESource CATegory
ACCess MODules
or
RESource CATegory
AMS
ACCess MODule name
DICTName
DICtionary name
SCHema name
Unqualified Access Module
Name (1)
Dictionary Name
Dictionary Name
SQL Schema Name
RESource
category
LOAd MODules
LOAd MODule name
DICTName
DICtionary name
Version
Unqualified Load Module
Name (1)
Dictionary Name
Dictionary Name
Version Number
(in V
nnnn
format)
RESource
category
PROgrams
PROgram name
FILe name
Version
Unqualified Program name
File Name (CDMSLIB)
Version Number
(in V
nnnn
format)
RESource
category
QUEues
QUEue name
Name of Queue
RESource
category
RUNunits
RUNunit name
DATabase NAMe
DBName
SUBschema name
PROgram name
Unqualified Rununit name (1)
Database Name
Database Name
Subschema Name
Program Name
RESource
category
TASks
TASk name
Name of task
(1) Unqualified name selections are based on the primary name of the entity occurrence only. To select based on the fully qualified occurrence name, token FULL NAME must be specified. Security components with qualified names are specified in the following table.
Fully Qualified Names of Security Components
The fully qualified names of security components are listed in the following table.
Resource
Fully qualified name
ACCESS MODULE
schema-name.access-module-name
AREA
segment-name.area-name
TABLE
schema-name.table-name
CATEGORY ACCESS MODULE
dictname.schema-name. access-module-name
CATEGORY LOAD MODULE
dictname.Vnnnn.load-module-name
CATEGORY RUNUNIT
dbname.subschema-name.program-name
CATEGORY PROGRAM
CDMSLIB.
program-name
or
Vnnnn.program-name
For all other security components, unqualified and qualified names are the same.
Date and Year 2000 support
You can use date selection criteria and year 2000 support in DISPLAY/PUNCH ALL statements to display security entities.
You implement date selection criteria in these WHERE clause options:
  • DATE CREATED
  • DATE LAST UPDATED
You can specify the date as a 
value-comparison
 string in the form 'MM/DD/YY' in the right side of the conditional expression. CA IDMS extracts it in CCYYMMDD form to accurately determine the relationship of dates. For example, this DISPLAY ALL statement:
DISPLAY ALL USERS WHERE DATE CREATED > '01/01/96';
establishes a search criteria to identify the USERS whose DATE CREATED values are greater than the specified string. The DISPLAY ALL process determines that the date '01/01/96' is greater than the date '12/31/95'.
Alternatively, you may specify the 
value-comparison
 string on either side of the conditional expression in the form 'CCYYMMDD' to achieve the same results.
You can also substitute day, month, or year for each of these WHERE clause options. For example, this DISPLAY ALL statement specifies a search condition that is based on month and year:
DISPLAY ALL RESOURCE AREAS    WHERE MONTH CREATED = '01'    AND YEAR CREATED > '95';
Default Order of Precedence Applied to Logical Operators
Conditional expressions can contain a single condition, or two or more conditions combined with the logical operators AND or OR. The logical operator NOT specifies the opposite of the condition. The command facility evaluates operators in a conditional expression one at a time, from left to right, in order of precedence. The default order of precedence is as follows:
  • MATCHES or CONTAINS keywords
  • EQ, NE, GT, LT, GE, LE operators
  • NOT
  • AND
  • OR
If parentheses are used to override the default order of precedence, the command facility evaluates the expression within the innermost parentheses first.
The following examples show sample DISPLAY statements for security definitions.
DISPLAY ALL GROUPS WHERE STATUS IS 'ACTIVE'
                   OCF rr.r IDMS  PAGE 1 LINE 1  DICT=SYSTEM       1/8 cv-name DISPLAY ALL GROUPS WHERE STATUS IS 'ACTIVE'; *+ Status = 0        SQLSTATE = 00000 *+   DISPLAY GROUP "TESTGROUP" ; *+   DISPLAY GROUP "PUBLIC" ; *+   DISPLAY GROUP "MIS" ; *+   DISPLAY GROUP "HR" ; *+   DISPLAY GROUP "ACCOUNTING" ; *+ I DC601157  NO MORE ENTITY OCCURRENCES FOUND                         WORD  1
DISPLAY ALL USERS WHERE USER NAME MATCHES 'SP'
                   OCF rr.r IDMS  PAGE 1 LINE 1  DICT=SYSTEM       1/5 cv-name DISPLAY ALL USERS WHERE USER NAME MATCHES 'SP' *+ Status = 0        SQLSTATE = 00000 *+   DISPLAY USER "SPILL01" ; *+   DISPLAY USER "SPANL01" ; *+ I DC601157  NO MORE ENTITY OCCURRENCES FOUND                         WORD  1