ACFRPTIX - Data Set Index Report

The ACFRPTIX utility helps security administrators determine when the access environment for a particular data set high-level index has changed. To perform this function, ACFRPTIX searches the CA ACF2 access rule and logonid update records. Any changed access rule whose high-level index ($KEY value) matches the report search argument, or any changed logonid whose PREFIX field matches the search argument, is journaled.
When ACFRPTIX encounters a logonid update record, the report checks the owned data set PREFIX field for a match against the high-level index of the data set searched. The PREFIX in the logonid record indicates the data sets a user can access without any SMF journaling. The report lists the changed logonids with a PREFIX matching the search argument. However, this list does not indicate that the corresponding data set changed simultaneously.
ACFRPTIX also checks access rule update records for matches against the high-level index value of the search argument. A match indicates an update to the access rule set for the value searched. Optionally, ACFRPTIX can decompile and list the changed access rule sets.
ACFRPTIX ignores update changes from job validations to reduce output volume and because this type of record cannot change the access environment.
Execution of ACFRPTIX requires a region size of 256K.
Checking Authorization
CA ACF2 checks whether the person submitting the utility is authorized to view or manipulate the input SMF data. If you specify RPTSCOPE in the GSO OPTS record, a user is restricted to the SMF record data that matches his or her privileges and restrictions. In the default case of NORPTSCOPE, no authorization checking is done.
For the ACFRPTIX report, the following privileges and restrictions of the user running the report are validated as part of the report processing when RPTSCOPE is specified:
  • SECURITY, ACCOUNT, or AUDIT, and the UID, LID, or DSN fields in the scope record
  • The user's logonid or PREFIX
  • DECOMP
  • %CHANGE
  • %RCHANGE
If the user has one of these authorities and the SMF record is in the scope of the user's logonid or matches the user's logonid, owned PREFIX, DECOMP, %CHANGE, or %RCHANGE privileges, the user can view the record.
Running the Report Using the ISPF Panel
You can use the ACFRPTIX ISPF panel to create your input for the report.
TITLE
Specifies a character string added to other title information at the top of the report. This character string can be up to 35 characters in length. If you do not specify this parameter, the report generator uses the first 35 characters in the PARM field of the EXEC statement. If this character string is longer than 35 characters, only the first 35 characters are used.
SELLID
Specifies the logonid SMF journal record number. The default value, like the SELECT parameter default, is available only if the ACFFDR is available on the executing CPU. This default value is specified in the @SMF macro of the ACFFDR.
SELRULE
Specifies the SMF record numbers for the CA ACF2 access rule update journal. The default is not available unless the ACFFDR is available on the executing CPU. This default value is specified in the @SMF macro of the ACFFDR.
PREFIX MASK
Specifies that the data set high-level index is used as a search argument. ACFRPTIX checks the logonid PREFIX field and the key of each access rule set processed.
DETAIL
YES specifies that access rule set updates are decompiled and the results displayed using the DETAIL output file. NO results in only a summary listing. When NODETAIL is specified, the DETAIL output file is not needed.
TIME
Specifies the format of the time stamp in the report: M (default) displays HH.MM, S displays HH.MM.SS, and H displays HH.MM.SS.TH.
OUTPUT LIST NAME: LIST ID
Specifies the 1- to 8-character output list name. ISPF prefixes the name you specify with the user's prefix from his profile and the characters ACF2.ACFRPTIX. For example, if you specify TEST as the output list name, your output list data set name is dft-pfx.ACF2.ACFRPTIX.TEST.
DETAIL LIST NAME: DETAIL ID
Specifies that access rule set updates are decompiled and the results displayed using the DETAIL output file. NO results in only a summary listing. When NO is specified, the DETAIL output file is not needed.
SPECIFY INPUT DATA SET(S) FOR ACFRPTIX
For an explanation of the options available, see Input and Output Files for Report Generators in Reporting.
LOGSTREAM
Indicates whether LOGSTREAM SMF data needs to be retrieved. This parameter is available for z/OS 1.9 and higher when the SMF data is being captured by a LGR LOGSTREAM structure. When Y is specified, an ACFRPTAL is displayed to provide specific logstream parameters.
Running the Report Using JCL
You can use JCL to run the ACFRPTIX report. For information on running the report, see the documentation about using sample JCL to execute reports.
[DETAIL|NODETAIL]
Requests that access rule set updates are decompiled and the results displayed using the DETAIL output file. NODETAIL results in only a summary listing. When NODETAIL is specified, the DETAIL output file is not needed.
[PREFIX(********|mask)]
Specifies that the data set high-level index is used as a search argument. ACFRPTIX checks the logonid PREFIX field and the key of each access rule set processed.
[SELLID(number defined in @SMF macro of ACFFDR|nn,...,nn)]
Defines the logonid SMF journal record number. The default value, like the SELECT parameter default, is available only if the ACFFDR is available on the executing CPU. This default value is specified in the @SMF macro of the ACFFDR.
[SELRULE(number defined in @SMF macro of ACFFDR|nn,...,nn)]
Defines the SMF record numbers for the CA ACF2 access rule update journal. The default is not available unless the ACFFDR is available on the executing CPU. This default value is specified in the @SMF macro of the ACFFDR.
Common Parameters
ACFRPTIX accepts the following parameters.
  • LINECNT
  • JOBMASK
  • TITLE
  • SDATE
  • EDATE
  • STIME
  • ETIME
  • SYSID
  • HEX
  • COND
  • TIME
Input and Output Files
ACFRPTIX uses SYSPRINT, SYSIN, and RECxxxxx. For more information, see the documentation about input and output files for report generators. In addition, you can also use the DETAIL file, which is specific to ACFRPTIX.
Sample Output
Two examples of the ACFRPTIX report follow. The first shows the report when the NODETAIL and TIME(H) parameters are in effect. The second shows the report when the DETAIL and default TIME(M) parameters are in effect.
NODETAIL
This example shows the main report from ACFRPTIX.

<acf> Security - ACFRPTIX - ACCESS INDEX REPORT - PAGE 1
DATE 08/11/06 (06.223) TIME 08.20

DATE          TIME         TYPE  KEY      CHANGER  JOBNAME  CHANGE  CPU   DET
06.025 01/25  08.23.24.39  LID   CTSMXC1  ACFUSER  ACFUSER  INSERT  XE75
06.025 01/25  08.23.53.67  LID   CTSMXC2  ACFUSER  ACFUSER  INSERT  XE75
06.025 01/25  08.24.12.39  LID   CTSMXC6  ACFUSER  ACFUSER  INSERT  XE75
06.025 01/25  08.24.29.34  LID   CTSMXC7  ACFUSER  ACFUSER  INSERT  XE75
06.025 01/25  09.07.19.47  LID   CTSMXC3  ACFUSER  CICSC31  INSERT  XE75
06.025 01/25  09.07.40.13  LID   CTSMXC4  ACFUSER  CICSC31  INSERT  XE75
06.025 01/25  09.08.00.15  LID   CTSMXC5  ACFUSER  CICSC31  INSERT  XE75
06.025 01/25  09.11.02.04  LID   CTSMXC1  CTSMXC1  CICSC31  CHANGE  XE75
06.025 01/25  09.11.55.96  LID   CTSMXC1  CTSMXC1  CICSC31  CHANGE  XE75
06.025 01/25  09.14.20.22  LID   CTSMXC2  CTSMXC2  CICSC31  CHANGE  XE75
06.026 01/26  09.06.26.03  LID   CTSMXC1  ACFUSER  ACFUSER  CHANGE  XE75

The detail report that also exists for an ACFRPTIX run contains a similar heading and the decompilation of the rule sets.
DETAIL
The following shows the report with the default DETAIL parameter specified. The TIME format doesn’t change in the separate detail report:

<acf> SECURITY - ACFRPTIX - ACCESS INDEX DETAIL REPORT - PAGE 1
DATE 04/04/98 (98.094) TIME 17.09
PREFIX(********)

* RULE MPCCMLNK STORED BY TSSSMS1 ON 98.094 (04/04) 10.05
ACF75052 ACCESS RULE MPCCMLNK STORED BY TSSSMS1 ON 04/04/98-10:05
$KEY(MPCCMLNK)
  STAR.- UID(SH******SMS) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  STAR.- UID(*) READ(A) EXEC(A)
  - UID(SH***AUDDSG) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  - UID(SH***GERJE01) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  - UID(SH***SSDAER) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  - UID(SH***SSDJCH) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  - UID(SH***SSDJ*I) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  - UID(SH******SMS) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  - UID(*) READ(A) EXEC(A)

* RULE TSS STORED BY TSSISO ON 98.094 (04/04) 10.14
ACF75052 ACCESS RULE TSS STORED BY TSSISO ON 04/04/98-10:14
$KEY(TSS)
$OWNER(TSS)
$USERDATA(ACF2.RULES.TSS)
%CHANGE SH***SSDLRG
%CHANGE SH***TSSFKH
  ACF2CICS.- UID(SH***QAT) READ(A) WRITE(A) EXEC(A)
  ACF2CICS.- UID(SH***TSSISO) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  ACF2CICS.- UID(SH***TSSPDC) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  ACF2CICS.- UID(SH***TSS) READ(A) WRITE(A) EXEC(A)
  AL-.ASM UID(COO99)
  AL-.LIST- UID(COO99)
  AL-.VFIXES- UID(COO99) READ(A) EXEC(A)
  AL-.VFIXES- UID(SH***QAT) READ(A) WRITE(A) EXEC(A)
  AL-.VFIXES- UID(SH***SSD) READ(A) WRITE(A) EXEC(A)
  AL-.VFIXES- UID(SH***TSS) READ(A) WRITE(A) EXEC(A)
  AL-.VFIXES- UID(SH) READ(A) EXEC(A)
  CAPTFS.- UID(S) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  CP-.ASM UID(COO99)
  CP-.LIST- UID(COO99)
  CP-.VFIXES- UID(COO99) READ(A) EXEC(A)
  CP-.VFIXES- UID(SH***QAT) READ(A) WRITE(A) EXEC(A)
  CP-.VFIXES- UID(SH***SSD) READ(A) WRITE(A) EXEC(A)
  CP-.VFIXES- UID(SH***TSS) READ(A) WRITE(A) EXEC(A)
  CP-.VFIXES- UID(SH) READ(A) EXEC(A)
  C***D**.- UID(SH***QAT) READ(A) WRITE(A) EXEC(A)
  C***D**.- UID(SH***TSSISO) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  C***D**.- UID(SH***TSSPDC) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  C***D**.- UID(SH***TSS) READ(A) WRITE(A) EXEC(A)
  C***R**.- UID(SH***QAT) READ(A) WRITE(A) EXEC(A)
  C***R**.- UID(SH***TSSISO) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  C***R**.- UID(SH***TSSPDC) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  C***R**.- UID(SH***TSS) READ(A) WRITE(A) EXEC(A)
  DISTRIB.CNTL UID(SHM**TSS) READ(A) WRITE(A) ALLOC(L) EXEC(A)
  DISTRIB.CNTL UID(SH***OPR) READ(A) EXEC(A)
  DISTRIB.CNTL UID(SH***QATMRE) READ(A) WRITE(A) EXEC(A)
  DISTRIB.CNTL UID(SH***USR) READ(A) EXEC(A)
  FIXXFER.ISPF.- UID(SH) READ(A) WRITE(A) EXEC(A)
  FIXXFER.TABLES UID(SH***TSS) READ(A) WRITE(A) EXEC(A)
  FIXXFER.- UID(COO99) READ(A) EXEC(A)
  FIXXFER.- UID(SH***QATMRE) READ(A) WRITE(A) ALLOC(A) EXEC(A)
  FIXXFER.- UID(SH) READ(A) EXEC(A)
Field Descriptions
CHANGE
The type of update performed to the record.
For logonids:
INSERT-a new record was inserted.
CHANGE-an existing record was changed.
DELETE/UPDATE-changes are not listed by ACFRPTIX.
For access rules:
INSERT-a new record was inserted.
REPLACE-an old record was replaced.
DELETE-the access rule set was deleted.
CHANGER
The logonid of the user initiating the change. If the system operator issues an F ACF2,RESET(logonid) command, this field is set to OPER.
CPU
The SMF CPU identification issuing the update request.
DATE
The date when the logonid record or access rule set was updated. The format is MM/DD or DD/MM, depending on the date option in the GSO OPTS infostorage record.
DET
The page number in the detail report that starts the decompilation listing.
JOBNAME
The name of the job running at the time of the change. For TSO, this name is usually the same as the logonid.
KEY
The logonid that was changed or the high-level index name of the updated access rule set.
TIME
The time of day for the update.
TYPE
The type of record for which this summary report is run:
  • LID-a logonid record was found whose owned data set PREFIX matches the high-level index value of the search argument.
  • RULE-an access rule set was found whose high-level index name ($KEY value) matches the search argument.
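
The following is an added example, not CA ACF2 code or part of the original documentation: a small parser for the summary listing in the TIME(H) layout shown under Sample Output, with a triage pass over the fields described above. The sample rows are constructed (the OPER row's JOBNAME value is a placeholder), and the three triage conditions are this example's assumptions about what a reviewer wants surfaced, not behaviour of ACFRPTIX.

```python
# Added example: parse and triage an ACFRPTIX summary listing (not vendor code).
from collections import namedtuple

Row = namedtuple("Row", "jdate date time type key changer jobname change cpu det")

# Constructed sample rows in the layout of the TIME(H) summary report.
SAMPLE = """\
DATE         TIME        TYPE KEY      CHANGER  JOBNAME  CHANGE  CPU  DET
06.025 01/25 08.23.24.39 LID  CTSMXC1  ACFUSER  ACFUSER  INSERT  XE75
06.025 01/25 09.11.02.04 LID  CTSMXC1  CTSMXC1  CICSC31  CHANGE  XE75
06.026 01/26 09.06.26.03 LID  CTSMXC1  ACFUSER  ACFUSER  CHANGE  XE75
06.026 01/26 10.15.00.00 LID  CTSMXC2  OPER     CONSOLE  CHANGE  XE75
06.026 01/26 11.02.10.50 RULE CTSMXC1  ACFUSER  ACFUSER  REPLACE XE75 1
"""

def parse_rows(text):
    """Parse whitespace-delimited data rows; skip titles and column headers."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 9 fields (10 with a DET page) and TYPE of LID or RULE.
        if len(f) not in (9, 10) or f[3] not in ("LID", "RULE"):
            continue
        det = int(f[9]) if len(f) == 10 and f[9].isdigit() else None
        rows.append(Row(*f[:9], det))
    return rows

def triage(rows):
    """Return (reason, row) pairs that deserve a closer look."""
    findings = []
    for r in rows:
        # KEY is the changed logonid; CHANGER is who initiated the change.
        if r.type == "LID" and r.change == "CHANGE" and r.changer == r.key:
            findings.append(("logonid changed by its own user", r))
        # CHANGER is OPER when the operator issued F ACF2,RESET(logonid).
        if r.changer == "OPER":
            findings.append(("operator RESET command", r))
        # Rule set replaced or deleted: read the decompile at page DET.
        if r.type == "RULE" and r.change in ("REPLACE", "DELETE"):
            findings.append(("access rule set replaced or deleted", r))
    return findings

if __name__ == "__main__":
    for reason, r in triage(parse_rows(SAMPLE)):
        print(f"{r.date} {r.time} {r.type:4} {r.key:8} {reason} (by {r.changer})")
```

A LID finding means only that a logonid with a matching PREFIX changed; as noted earlier, it does not show that the corresponding data set changed at the same time.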