ACFRPTRL - Rule-ID Modification Log

1
acf2src
1
CA ACF2 journals each update to the Rule database for recovery purposes. This report formats some of the information in the SMF record to show recent update activity to the database.
Checking Authorizations
CA ACF2 checks whether the person submitting the utility is authorized to view or manipulate the input SMF data. If you specify RPTSCOPE in the GSO OPTS record, a user is restricted to the SMF record data that matches his or her privileges and restrictions. In the default case of NORPTSCOPE, no authorization checking is done.
For the ACFRPTRL report, the following privileges and restrictions of the user running the report are validated as part of the report processing when RPTSCOPE is specified: the user's PREFIX, SECURITY or AUDIT field and the DSN field in the associated scope record, or DECOMP, %CHANGE, or %RCHANGE. If the user has one of these authorities and the SMF record is within the scope of the user's logonid, or matches the user's PREFIX, DECOMP, %CHANGE, or %RCHANGE privileges, the user can view the report.
Running the Report Using the ISPF Panel
You can use the ACFRPTRL ISPF panel to create your input for the report. The following parameters can be found on the ACFRPTRL ISPF panel.
TITLE
Specifies a character string added to other title information at the top of the report. This character string can be up to 35 characters in length. If you do not specify this parameter, the report generator uses the first 35 characters in the PARM field of the EXEC statement. If this character string is longer than 35 characters, only the first 35 characters are used.
LIDNAME
Specifies whether the full user name needs to be printed on the report or the LID field is only reported. N default will report only the LID field.
ACCESS RULE MASK
Specifies an eight-character mask used to select update reports for a specific data set index or group of indexes. The default causes all access rule update information to be output.
TIME
Specifies the desired format of the time stamp in report : M (default) displays HH.MM, S = HH.MM.SS, or H = HH.MM.SS.TH.
OUTPUT LIST NAME: LIST ID
Specifies the 1- to 8-character output list name. ISPF prefixes the name you specify with the user's prefix from his profile and the characters ACF2.ACFRPTRL. For example, if you specify TEST as the output list name, your output list data set name is 
dft-pfx
.ACF2.ACFRPTRL.TEST.
DETAIL|SUMMARY
Specifies one line of information for each INSERT, CHANGE, or DELETE subcommand entry. SUMMARY is the default.
The DETAIL parameter produces additional lines of information for any INSERT, CHANGE, or DELETE subcommand entry updating the Infostorage database for structured RULES records and resource rules. This information includes:
  • The name of each field changed in the RULES database record.
The old value of each field.
The new value of each field.
A complete before and afterimage of a decompiled rule set, when a change affects a rule set. For deleted rule sets, the decompiled rule set that was deleted is shown.
This detailed information is not produced for unstructured infostorage records, such as scope and shift. SMF records for unstructured infostorage records contain the deleted image; however, the information is unprintable on the report.
Note
: The deleted image on the SMF record is available to the user as a tracking mechanism. This record creates a specific audit trail of deleted records, giving a detailed image of each record that is deleted. If a CA ACF2 database record is reconstructed, a new record is created from the image. For information about how to recover records, see “Database Recovery.”
CHANGE DESCRIPTION
Produces the entries deleted or inserted into a rule set. This option is valid with the Detail option only.
SPECIFY INPUT DATA SET(S) FOR ACFRPTRL
For an explanation of your options, see Input and Output Files for Report Generators in Reporting.
LOGSTREAM
Indicates if LOGSTREAM SMF data needs to be retrieved. This parameter is available for z/OS1.9 and higher when the SNF data is being captured by a LGR LOGSTREAM structure. When Y is specified an ACFRPTAL is displayed to provide specific logstream parameters.
Running the Report Using JCL
You can use JCL instead of the ISPF panel to run the ACFRPTRL report. The following are the parameters for this report.
You can use JCL to run the ACFRPTRL utility. To run the ACFRPTRL report, see the documentation about using sample JCL to execute reports. The following are the parameters for this report.
[SUMMARY|DETAIL]
Specifies the format of the ACFRPTRL report. The SUMMARY parameter produces the report with one line of information for each INSERT, CHANGE, or DELETE subcommand entry.
For changed or inserted access rules, the DETAIL parameter produces the before and afterimage of the decompiled rule set. For deleted access rules, the deleted decompiled access rule set is shown.
[CHANGES]
For changed rules, the CHANGES parameter produces the entries deleted from the beforeimage and the entries inserted into the afterimage of the rule set. These changes are reported immediately following the afterimage.
[MASK(********|
rulemask
)]
Specifies an eight-character mask used to select update reports for a specific data set index or group of indexes. The default causes all access rule update information to be output.
[LIDNAME|
NOLIDNAME
]
Default NOLIDNAME requests the LID field to be reported. LIDNAME requests the full user name to be reported too.
Common Parameters
ACFRPTRL accepts the following parameters. 
  • LINECNT
  • JOBMASK
  • TITLE
  • SDATE
  • EDATE
  • STIME
  • ETIME
  • SELECT
  • SYSID
  • HEX
  • COND
  • TIME
Input and Output Files
ACFRPTRL uses the SYSPRINT, SYSIN, and RECxxxxx files, described in the documentation about input and output files for report generators. 
Sample Output
Sample output is provides for the ACFRPTRL report using the SUMMARY and DETAIL parameters.
SUMMARY
The following is sample output using the SUMMARY parameter of the ACFRPTRL report and the default TIME(M).
<acf> Security - ACFRPTRL - RULE MODIFICATION LOG - PAGE 1 DATE 05/25/05 (05.145) TIME 02.17 RULE DB LOG DATE TIME RULE-ID JOBNAME CHANGER/ CHANGE CPU NAME 05.145 05/25 01.57 SYSPROG TLC454 TLC454 REPLACE CPU1 USER TLC454 05.145 05/25 02.00 PROD01 TLC475 TLC475 INSERT CPU1 USER TLC475 05.145 05/25 02.01 TEST05 TLC475 TLC475 DELETE CPU1 USER TLC475
In this example, the first entry was made at 1:57 a.m. on May 25th. The TLC454 logonid changed the rule record identified by the SYSPROG rule ID. Other entries are read in a similar manner.
DETAIL
The following is sample output using the DETAIL parameter of the ACFRPTRL report and TIME(S) parameter.
<acf> Security - ACFRPTRL - RULE MODIFICATION LOG - PAGE 1 DATE 05/25/05 (05.145) TIME 02.17 RULE DB LOG DATE TIME RULE-ID JOBNAME CHANGER/ CHANGE CPU NAME 05.145 05/25 01.57.29 SYS9 TLC454 TLC454 BFORREPL CPU1 USER TLC454 ACF75052 ACCESS RULE SYS9 STORED BY TLC725 ON 02/13/96-13:43 $KEY(SYS9) - UID(*) READ(A) EXEC(A) 05.145 05/25 01.57.29 SYS9 TLC454 TLC454 REPLACE CPU1 USER TLC454 ACF75052 ACCESS RULE SYS9 STORED BY TLC454 ON 05/25/05-01:57 $KEY(SYS9) - UID(*) READ(A) WRITE(A) ALLOC(A) EXEC(A) 05.145 05/25 02.00.39 PROD01 TLC475 TLC475 INSERT CPU1 USER TLC475 ACF75052 ACCESS RULE PROD01 STORED BY TLC475 ON 05/25/05-02:00 $KEY(PROD01) - UID(*) READ(A) WRITE(A) ALLOC(A) EXEC(A) 05.145 05/25 02.01.10 TEST05 TLC475 TLC475 DELETE CPU1 USER TLC475 ACF75052 ACCESS RULE TEST05 STORED BY TLC723 ON 08/20/02-07:59 $KEY(TEST05) - UID(*****TLC) READ(A) WRITE(A) ALLOC(A) EXEC(A)
This report contains the entries similar to those shown in the previous example with time displayed in format HH.MM.SS, and additional lines of information showing the decompiled rule. In the first entry, the TLC454 logonid replaced the rule identified by the $KEY of SYS9. The afterimage of the decompiled rule set is also shown in this case because the rule was changed. For deleted rule sets, the decompiled image of the deleted rule set is shown. Other entries are read in a similar manner.
Field Descriptions
DATE
The Julian and Gregorian date when the update was made. The format of this date is MM/DD or DD/MM, based on the DATE option in the GSO OPTS infostorage record.
TIME
The time when the update was made.
RULE-ID
The $KEY value (high-level index name) of the updated access rule set.
JOBNAME
The name of the job under which the updates were made. If this is a TSO session, in general, the job name and the changer are the same.
CHANGER
The logonid of the user who issued the update request.
CHANGE
Indicates the type of update performed:
  • INSERT-a new access rule set record was inserted.
  • BFORREPL-an old access rule set was changed. This is the before image.
  • REPLACE-an old access rule set was changed. This is the after image.
  • DELETE-an access rule set was deleted.
CPU
The SMF name of the CPU from which the change was executed.
NAME
The name of the user who issued the update request.