ACFRPTEL - Infostorage Update Log

1escribes the ACFRPTEL infostorage update log report
acf2src
The ACFRPTEL report generator processes the SMF records issued for CA ACF2 recovery purposes and lists each change to the Infostorage database. These changes include updates to entry records, resource rule sets, GSO records, and CA ACF2 for DB2 rule sets and records, and other types of infostorage record.
Checking Authorization
CA ACF2 checks whether the person submitting the utility is authorized to view or manipulate the input SMF data. If you specify RPTSCOPE in the GSO OPTS record, a user is restricted to the SMF record data that matches his or her privileges and restrictions. In the default case of NORPTSCOPE, no authorization checking is done.
For the ACFRPTEL report, the following privileges and restrictions of the user running the report are validated as part of the report processing when RPTSCOPE is specified: SECURITY or AUDIT and the INF field in the associated scope record, or INFOLIST, DECOMP, or %CHANGE (for resource rule) privileges. If the user has one of these authorities and the SMF record is in the scope of the user's logonid, or the user has INFOLIST, DECOMP, or %CHANGE for a resource rule, the user can view the record.
Running the Report Using ISPF Panel
You can use the ACFRPTEL ISPF panel to create your input for the report. The following parameters can be found on the ACFRPTEL ISPF panel.
TITLE
Specifies a character string added to other title information at the top of the report (on the ISPF panel). This character string can be up to 35 characters in length. If you do not specify this parameter, the report generator uses the first 35 characters in the PARM field of the EXEC statement. If this character string is longer than 35 characters, only the first 35 characters are used.
TYPE
Specifies update information for a specific type of rule or Infostorage database record. The default is all types. The following list describes the predefined or sample CA ACF2 type names. Additional type codes can be defined locally.
Note: To avoid producing confusing reports, we recommend that you do not assign duplicate type codes, even if these codes are in different storage classes.
  • C (CONTROL) Records:
    CAC-Cache Options
    IMS-CA ACF2 IMS option
  • CPF-Command Propagation Facility Options
    DB2-CA ACF2 for DB2 Options
    GSO-Global System Options
    NET-Distributed Database (DDB) Options
    SMS-System Managed Storage Options
    SSO-Subsystem Option Records
    TSO-TSO Logon Parameter Records
  • D (DB2) CA ACF2 for DB2 Rule Sets:
    BPL-Buffer Pool Rule Sets
    COL-Collection Rule Sets
    DBS-Database Rule Sets
    PKG-Application Package Rule Sets
    PLN-Application Plan Rule Sets
    STG-Storage Group Rule Sets
    SYS-System Privilege or Utility Rule Sets
    TBL-Table Rule Sets
    TSP-Table Space Rule Sets
  • E (ENTRY) Records:
    OID-Operator Identification Records
    SRC-Source Records
    SGP-Source Group Records
  • F (FIELD) CA RLP Records:
    REC-Record Definitions
    EXP-Expression Definitions
  • I (IDENTITY) Records:
    AUT
    -Extended User Authentication Records
  • P (PROFILE) Profile Records:
    ALU-APPCLU Profiles
    DLF-DLFCLASS Profiles
    DSN-DATASET Profiles
    GRP-Group Profiles
    KEY-KEYSMSTR Profiles
    PTK-PTKTDATA Profiles
    SMV-SYSMVIEW Profiles
    USR-USER Profiles
  • S(SCOPE):
    SCP-Scope Definitions
  • T (SHIFT) Time Records:
    SFT-Shift Definitions
    ZON-Time Zone Definitions
  • X (XREF) Cross-Reference Records:
    IDS-IMS Cross-Reference Records
    LGP-Logonid/Group Cross-Reference Records
    NGP-Node/Group Cross-Reference Records
    RGP-Resource/Group Cross-Reference Records
    SGP-Source/Group Cross-Reference Records
  • R (RESOURCE) Resource Rule Sets:
    CDB-CICS DBD rule sets for use with DL/I
    CFC-CICS file control rule sets
    CKC-CICS transaction control rule sets
    CMR-CICS MRO SYSID rule sets
    CPC-CICS Program Control Sets
    CTD-CICS Transient Data Rule Sets
    CTS-CICS Temporary Storage Rule Sets
    DAT-CA-IDMS Area Control Rule Sets
    IAG-IMS Application Group Name Rule Sets
    ICM-IMS Command Rule Sets
    IPS-IMS PSB Rule Sets
    ITR-IMS Transaction Control Rule Sets
    PGM-CA-IDMS Program Control Rule Sets
    PGN-CA-IDMS Non-Protected Program Control Rule Sets
    PSB-CICS PSB Rule Sets for Use with DL/I
    SAF-System Authorization Facility Rule Sets
    SSC-CA-IDMS Subschema Rule Sets
    TAC-TSO Account Number Rule Sets
    TGR-Group or Project Rule Sets
    TPR-TSO Procedure Rule Sets
    TSK-CA-IDMS Task Control Rule Sets
    VTA-VTAM ACB OPEN Rule Sets
ID
Specifies a mask for the actual name of the rule set or entry list. Combined with the TYPE parameter, the ID parameter enables you to search for specific infostorage updates. The default is all rule sets.
LOGONID MASK
Specifies selection of records based on the logonid(s) of the person updating the Infostorage database. The default is all logonids.
CLASS
Specifies the one-character storage class code of the infostorage records to be processed. The default is R (for resource rule sets). To create a report showing all infostorage records, do not specify the CLASS keyword. The storage class code for CA ACF2 for DB2 rule sets is D. For more information about CA ACF2 for DB2 rule sets, see CA ACF2 Option for DB2.
TIME
Specifies the desired format of the time stamp in report : M(default) will display HH.MM, S = HH.MM.SS or H = HH.MM.SS.TH.
LIDNAME
Specifies whether the full user name needs to be printed on the report or the LID field is only reported. N default will report only the LID field.
OUTPUT LIST NAME: LIST ID
Specifies the 1- to 8-character output list name. ISPF prefixes the name you specify with the user's prefix from his profile and the characters ACF2.ACFRPTEL. For example, if you specify TEST as the output list name, your output list data set name is
dft-pfx
.ACF2.ACFRPTEL.TEST.
DETAIL|SUMMARY
Specifies one line of information for each INSERT, CHANGE, or DELETE subcommand entry. SUMMARY is the default.
The DETAIL parameter produces additional lines of information for any INSERT, CHANGE, or DELETE subcommand entry updating the Infostorage database for structured infostorage records and resource rules. This information includes:
  • The name of each field changed in the Infostorage database record.
  • The old value of each field.
  • The new value of each field.
  • A complete before and afterimage of a decompiled rule set, when a change affects a rule set. For deleted rule sets, the decompiled rule set that was deleted is shown.
This detailed information is not produced for unstructured infostorage records, such as scope and shift. SMF records for unstructured infostorage records contain the deleted image; however, the information is unprintable on the report.
Note: The deleted image on the SMF record is available to the user as a tracking mechanism. This record creates a specific audit trail of deleted records, giving a detailed image of each record that is deleted. If a CA ACF2 database record is reconstructed, a new record is created from the image. For information about how to recover records, see Database Recovery.
CHANGE DESCRIPTION
Produces the entries deleted or inserted into a rule set. This option is valid with the Detail option only.
SPECIFY INPUT DATA SET(S) FOR ACFRPTEL
For an explanation of the options available, see Input and Output Files for Report Generators.
LOGSTREAM
Indicates if LOGSTREAM SMF data needs to be retrieved. This parameter is available for z/OS1.9 and higher when the SNF data is being captured by a LGR LOGSTREAM structure. When Y is specified an ACFRPTAL is displayed to provide specific logstream parameters.
Running the Report Using JCL
You can use JCL to run the ACFRPTEL report. For information running the report, see Using Sample JCL to Execute Reports.
SUMMARY|DETAIL
Specifies one line of information for each INSERT, CHANGE, or DELETE subcommand entry. SUMMARY is the default.
The DETAIL parameter produces additional lines of information for any INSERT, CHANGE, or DELETE subcommand entry updating the Infostorage database for structured infostorage records and resource rules. This information includes:
  • The name of each field changed in the Infostorage database record.
  • The old value of each field.
  • The new value of each field.
  • A complete before and afterimage of a decompiled rule set, when a change affects a rule set. For deleted rule sets, the decompiled rule set that was deleted is shown.
This detailed information is not produced for unstructured infostorage records, such as scope and shift. SMF records for unstructured infostorage records contain the deleted image; however, the information is unprintable on the report.
Note:
The deleted image on the SMF record is available to the user as a tracking mechanism. This record creates a specific audit trail of deleted records, giving a detailed image of each record that is deleted. If a CA ACF2 database record is reconstructed, a new record is created from the image. For information about how to recover records, see Database Recovery.
ID=(-|idmask)
Specifies a mask for the actual name of the rule set or entry list. Combined with the TYPE parameter, the ID parameter enables you to search for specific infostorage updates. This field is case-sensitive, which allows you to specify mixed-case resource rule names. The default is dash (-), all rule sets.
TYPE(-|typemask)
Specifies update information for a specific type of rule or Infostorage database record. The default is all types. The following list describes the predefined or sample CA ACF2 type names. Additional type codes can be defined locally. To avoid producing confusing reports, we recommend that you do not assign duplicate type codes, even if these codes are in different storage classes. You can also specify a dash (-) or typemask.
C (CONTROL) Records
:
  • CAC-Cache Options
  • CPF-Command Propagation Facility Options
  • DB2-CA ACF2 for DB2 Options
  • GSO-Global System Options
  • NET-Distributed Database (DDB) Options
  • SCP-Scope Definitions
  • SMS-System Managed Storage Options
  • SSO-Subsystem Option Records
  • TSO-TSO Logon Parameter Records
D (DB2) CA ACF2 for DB2 Rule Sets:
  • BPL-Buffer Pool Rule Sets
  • COL-Collection Rule Sets
  • DBS-Database Rule Sets
  • PKG-Application Package Rule Sets
  • PLN-Application Plan Rule Sets
  • STG-Storage Group Rule Sets
  • SYS-System Privilege or Utility Rule Sets
  • TBL-Table Rule Sets
  • TSP-Table Space Rule Sets
E (ENTRY) Records:
  • OID-Operator Identification Records
  • SRC-Source Records
  • SGP-Source Group Records
F (FIELD) CA RLP Records:
  • REC-Record Definitions
  • EXP-Expression Definitions
I (IDENTITY) Records:
  • AUT-Extended User Authentication Records
P (PROFILE) Profile Records:
  • ALU-APPCLU Profiles
  • DLF-DLFCLASS Profiles
  • DSN-DATASET Profiles
  • GRP-Group Profiles
  • KEY-KEYSMSTR Profiles
  • PTK-PTKTDATA Profiles
  • SMV-SYSMVIEW Profiles
  • USR-USER Profiles
T (SHIFT) Time Records:
  • SFT-Shift Definitions
  • ZON-Time Zone Definitions
V (VAX) CA ACF2/VAX Records:
  • NET-Network Records
  • UAF-User Access File Records
  • FIL-File Access Rules
X (XREF) Cross-Reference Records:
  • IDS-IMS Cross-Reference Records
  • LGP-Logonid/Group Cross-Reference Records
  • NGP-Node/Group Cross-Reference Records
  • RGP-Resource/Group Cross-Reference Records
  • SGP-Source/Group Cross-Reference Records
R (RESOURCE) Resource Rule Sets:
  • CDB-CICS DBD rule sets for use with DL/I
  • CFC-CICS file control rule sets
  • CKC-CICS transaction control rule sets
  • CMR-CICS MRO SYSID rule sets
  • CPC-CICS Program Control Sets
  • CTD-CICS Transient Data Rule Sets
  • CTS-CICS Temporary Storage Rule Sets
  • DAT-CA-IDMS Area Control Rule Sets
  • IAG-IMS Application Group Name Rule Sets
  • ICM-IMS Command Rule Sets
  • IPS-IMS PSB Rule Sets
  • ITR-IMS Transaction Control Rule Sets
  • PGM-CA-IDMS Program Control Rule Sets
  • PGN-CA-IDMS Non-Protected Program Control Rule Sets
  • PSB-CICS PSB Rule Sets for Use with DL/I
  • SAF-System Authorization Facility Rule Sets
  • SSC-CA-IDMS Subschema Rule Sets
  • TAC-TSO Account Number Rule Sets
  • TGR-Group or Project Rule Sets
  • TPR-TSO Procedure Rule Sets
  • TSK-CA-IDMS Task Control Rule Sets
  • VTA-VTAM ACB OPEN Rule Sets
[CHANGES]
For changed rules, the CHANGES parameter produces the entries deleted from the beforeimage and the entries inserted into the afterimage of the rule set. These changes are reported immediately following the afterimage.
CLASS(R|class)
Specifies the one-character storage class code of the infostorage records to be processed. The default is R (for resource rule sets). The storage class code for CA ACF2 for DB2 rule sets is D (for DB2). For more information about rule sets, see CA ACF2 Option for DB2.
[LIDNAME|NOLIDNAME]
Default NOLIDNAME requests the LID field to be reported. LIDNAME requests the full user name to be reported too.
MASK(********|logonidmask)
Specifies selection of records based on the logonid of the person updating the Infostorage database, thereby providing a summary of activity by a single person or group of people. The default is all logonids.
Common Parameters
ACFRPTEL accepts the following common parameters.
  • LINECNT
  • JOBMASK
  • TITLE
  • SDATE
  • EDATE
  • STIME
  • ETIME
  • SELECT
  • SYSID
  • HEX
  • COND
  • TIME
Input and Output Files
ACFRPTEL uses SYSPRINT, SYSIN, and RECxxxxx. For more information, see the documentation about input and output files for report generators.
Sort Sequence
The recommended sort sequence for the ACFRPTEL report is by storage class (major), type code, record name, date, and then time. Perform this sorting using your routine or modify and use the prototype JCL that CA ACF2 provides.
Sample Output
Two examples of the ACFRPTEL report are shown in this section. The first shows the report when the SUMMARY and TIME(M) default parameters are in effect. The second shows the report when the DETAIL parameter is in effect with TIME(H).
SUMMARY
The following example shows the ACFRPTEL report with the SUMMARY and default TIME(M) parameter:
<acf> Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1 DATE 05/14/05 (05.134) TIME 08.08 SUMMARY DATE TIME JNAME LID/ MODULE FUNCTION CPU C-TYP-NAME NAME 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 TSO TLC USER NO 429 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 TSO TLC USER NO 429 05.124 05/04 10.15 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 TSO TLC USER NO 429 05.124 05/04 12.13 TLC406GS TLC406 ACF6DSTO REPLACE CPU1 R-CKC-TRN1 TLC USER NO 406 05.124 05/04 17.44 TLC413SM TLC413 ACF0AENT INSERT CPU1 X-RGP-CPU1 TLC USER NO 413 05.124 05/04 17.44 TLC413SM TLC413 ACF0AENT DELETE CPU1 X-RGP-CPU1 TLC USER NO 413
In this example, the first entry was made at 10:15 a.m. on May 4. The TLC429 logonid changed the GSO PSWD infostorage record named CPU1, which is in storage class C, type GSO. PSWD is the record ID. Other entries are read in a similar manner.
DETAIL
The following example shows the ACFRPTEL report with the DETAIL parameter:
<acf> Security - ACFRPTEL - INFORMATION STORAGE UPDATE LOG - PAGE 1 DATE 05/23/05 (05.143) TIME 08.08 DETAIL DATE TIME JNAME LID/ MODULE FUNCTION CPU C-TYP-NAME NAME FIELD OLD VALUE NEW VALUE 05.124 05/04 10.15.37.73 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 MINPSWD 1 5 05.124 05/04 10.15.37.73 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 WARNDAYS 1 2 05.124 05/04 10.15.37.73 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 PSWDJES NOPSWDJES PSWDJES 05.124 05/04 10.15.37.73 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 PASSLMT 2 3 05.124 05/04 10:15 TLC430GS TLC429 ACF0AENT DELETE CPU1 C-GSO-X3 PSWD TLC USER NO 429 BLPLOG NOBLPLOG CACHE CACHE CMDREC NOCMDREC CONSOLE NOROLL DDB DDB 05.124 05/04 10.15.37.73 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 WAITIME 0 60 05.124 05/04 10.15.37.73 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 QLOGON QLOGON NOQLOGON 05.124 05/04 10.15.37.73 TLC429GS TLC429 ACF0AENT REPLACE CPU1 C-GSO-CPU1 PSWD TLC USER NO 429 LOGONCK NOLOGONCK LOGONCK 05.124 05/04 12.44.15.56 TLC406GS TLC406 ACF6DSTO BFORREPL CPU1 R-CKC-TRN1 TLC USER NO 406 ACF75052 RESOURCE RULE TRN1 STORED BY TLC406 ON 05/04/05-12:33 $KEY(TRN1) TYPE(CKC) UID(*****USER01) ALLOW 05.124 05/04 12.44.15.56 TLC406GS TLC406 ACF6DSTO REPLACE CPU1 R-CKC-TRN1 TLC USER NO 406 ACF75052 RESOURCE RULE TRN1 STORED BY TLC406 ON 05/04/05-12:44 $KEY(TRN1) TYPE(CKC) UID(*****USER01) ALLOW UID(*****USER02) LOG UID(*****USER03) PREVENT UID(*****USER04) VERIFY ALLOW 05.124 05/04 17.44.27.35 TLC413SM TLC413 ACF0AENT INSERT CPU1 X-RGP-CPU1 TLC USER NO 413 INCLUDE ---NULLS--- TRN1 RESOURCE RESOURCE RESOURCE TYPE ---NULLS--- ITR 05.124 05/04 17.44.27.35 TLC413SM TLC413 ACF0AENT DELETE CPU1 X-RGP-CPU1 TLC USER NO 413 INCLUDE TRN1 RESOURCE RESOURCE TYPE ITR
This report contains the entries shown in the previous example with the largest TIME format and additional lines of information showing the fields or rules that were changed.
In this first entry, the TLC429 logonid changed the MINPSWD field of the GSO PSWD record from 1 to 5. This detailed information is produced for any structured infostorage record, such as GSO records. For resource rules, the decompiled afterimage is shown if a rule was inserted or changed.
In the ninth entry, the example shows the resource rule as it appears before and after the change was made. For deleted rules, the decompiled before-image is shown. This detailed information is not produced for unstructured infostorage records, such as scope, shift, or source records.
Field Descriptions
  • CPU
    The SMF CPU ID of the CPU where validation occurred.
  • C-TYPE-NAME
    The storage class, type code, and name of the record changed. The storage class and type code might be one of the following letters:
    • C-Control record
      type code CAC, CPF, DB2, GSO, IMS, NET, SMS, SSO, and TSO.
    • D-CA ACF2 for DB2 rule set
      type code SYS, DBS, PLN, TBL, BPL, STG, and TSP.
    • E-Entry record
      type code SRC, SGP, and OID.
    • I-Identity record
      type code AUT.
    • R-Resource rule set
      type code CDB, CFC, CKC, CMR, CPC, CTD, CTS, IAG, ICM, IPS, ITR, PSB, TAC, TGR, TPR, and VTA.
    • S-Scope record
      type code SCP.
    • T-Shift or zone record
      type code SFT and ZON.
    • X-Cross-reference record
      type code IDS, RGP, and SGP.
  • The name of the record can be one of the following:
    • Control record name
    • DB2 subsystem ID followed by the CA ACF2 for DB2 resource name ($KEY)
    • Record ID for entry records
    • Extended user authentication record name for identity records
    • Key (designated in the $KEY control statement) for resource rule sets
    • Scope record name
    • Name of the shift or zone
    • Cross-reference record name
  • DATE
    The Julian and Gregorian date when the update was made. The format of this date is MM/DD or DD/MM based on the date option in the GSO OPTS infostorage record.
  • FUNCTION
    The type of update requested. This field takes any of the following values:
    • INSERT-the request was to insert a new record or rule set into the Infostorage database. This request function indicates no previous record existed.
    • BFORREPL-the request was to replace the record or rule set. This entry identifies the before image.
    • REPLACE-the update request specified insertion, but the record or rule set already existed. CA ACF2 converts INSERT requests to REPLACE unless instructed not to do so.
    • DELETE-the update request specified deletion of a record or rule set from the Infostorage database.
  • JNAME
    The name of the job under which the updates were made. If this is a TSO session, the job name and the logonid are usually the same.
  • LID
    The logonid of the user who made the update.
  • MODULE
    The name of the program that issued the update request. The program making the update request provides this name to CA ACF2.
  • TIME
    The time when the update was made.
  • USING
    The logonid of the model record specified in the USING parameter of the ACF command.
  • NAME
    The name of the user who made the update.
Additional Fields
The following fields appear as an additional line of information on control record updates when the DETAIL parameter is specified:
  • FIELD
    The name of the field in the record that was updated
  • OLD VALUE
    The value of the field before the update was made
  • NEW VALUE
    The value of the field after the update.
When the DETAIL parameter is in effect, the values before and after the change to structured infostorage records are reported as follows:
  • If the value of a field is too long, the field is continued onto more than one line of the report.
  • If a field contains no value, the message ---NULLS--- appears for the value of that field on the report.
  • If the value of a field cannot be reconstructed (such as a password), the message ---NON PRINTABLE--- is reported for the value of that field.
  • If the value of a field is considered sensitive (such as an encrypted value), the message ---NON DISPLAYABLE--- is reported for the value of the field.
  • If the user printing the report does not have authorization to list the value of a field, the message ---NOT AUTH--- is reported for the value of that field.
  • If no fields were changed, the message*** NO FIELDS CHANGED *** is reported instead of the old and new values of the field.
    For changed or inserted resource rules,
    ACF2
    decompiles and prints the afterimage of the rule set instead of the old and new values of the rule. For deleted resource rules,
    ACF2
    decompiles and prints the image of the resource rule before the rule was deleted.