ACFRPTSL-Selected Logonid List

1
acf2src
 
 
1
 
 
The ACFRPTSL report generator provides a listing of all logonid records that match the set of selection criteria specified in the report (JCL) parameters. This report generator provides the ability to copy all logonid records or to select and print specific logonid records. The IF parameter enables flexible record selection criteria and the SFLDS parameter enables flexible field printing and editing.
Checking Authorization
 
CA ACF2
 checks whether the person submitting the utility is authorized to view or manipulate the input SMF data. If you specify RPTSCOPE in the GSO OPTS record, a user is restricted to the SMF record data that matches his or her privileges and restrictions. In the default case of NORPTSCOPE, no authorization checking is done.
If the ACFRPTSL report is run against SMF data, the following privileges and restrictions of the user running the report are validated as part of the report processing when RPTSCOPE is specified: SECURITY, ACCOUNT, or AUDIT of the logonid record and UID or LID fields in the associated scope record. If the user has one of these authorities and the SMF record is within the scope of the user's logonid, or the user's logonid is matched, the user can view the report.
Running the Report Using ISPF Panel
You can use the ACFRPTSL ISPF panel to create your input for the report. The following parameters can be found on the ACFRPTSL ISPF panel.
 
TITLE
 
Specifies a character string added to other title information at the top of the report. This character string can be up to 35 characters in length. If you do not specify this parameter, the report generator uses the first 35 characters in the PARM field of the EXEC statement. If this character string is longer than 35 characters, only the first 35 characters are used.
 
LOGONID MASK
Specifies a particular logonid or group of logonids for processing. The default specifies all logonids for processing. The MASK parameter makes selections before the IF parameter. Therefore, if the MASK parameter does not select a logonid, the report never reaches the IF parameter processing.
 
UPDATE
Specifies a summary of logonid modifications including any JES
x
 and logon validation updates. NOUPDATE lists only nonvalidation updates. NOUPDATE is the default because of the volume of validation updates (one for every job and TSO session). Use this parameter only if you specify INPUT(SMF).
 
DTCFIELD
Interacts with REPORT(SHORT) to create a condensed version of the SHORT format.
  • YES-the DATE, TIME, and CHANGER fields appear on the report.
  • NO-the DATE, TIME, and CHANGER fields do not appear on the report. This option is usually used with the SFLDS option.
 
ACCESS DAYS
 
Number of days to limit the report to the logonids that have accessed the system during those days specified here. The default none () will simply report all the logonids according other eventual criteria.
 
 
INPUT AND REPORT TYPE
Specifies the type of input to process. The subparameter must be one of the following keywords designating the file attributes. If you omit this parameter, CA ACF2 prints a message and terminates ACFRPTSL.
  • SMF-input is accepted as CA ACF2 logonid modification SMF records, as described in ACFRPTLL-Logonid Modification Log. This parameter runs the report against SMF data for the time period specified. The SMF parameter selects records that have been updated.
  • BKUP-input is accepted as a VB format file, as produced by the CA ACF2 automatic backup facility. This parameter does not affect performance like the ACF2 parameter.
  • ACF2-input is accepted as unformatted records from the logonid database. To use the Logonid database for input requires that the person executing the report have the SECURITY, ACCOUNT or AUDIT privilege. In addition, only those logonid records that the person running the report has authority to access are included in the report output.
  • Thus, if a user requested all logonids with the IMS privilege, but had a scope record that permitted him or her to access only logonid records for users in a specific department, the report output would list only those logonids for users with the IMS privilege who were in that department.
     Running the ACFRPTSL report with ACF2 specified might affect performance. If you run this report against the online databases and you notice performance degradation, do not cancel this job. Serious system errors might result.
 
SHORT
Specifies a one-line summary consisting of the logonid, name, date, time, and changer. This format fits an 80-character screen width. The SFLDS parameter can extend this format (that is, multiple lines if needed) to include other fields from the logonid record.
 
FULL
Specifies a replica of the output from the ACF command list subcommand and that fits on a 133-character print line.
 
NONE
No report is generated. This parameter is useful if ACFRPTSL is used as a copy utility for logonid records (see SAVEREC in the Input and Output Files section of this page).
 
OUTPUT LIST NAME: LIST ID
Specifies the 1- to 8-character output list name. ISPF prefixes the name you specify with the user's prefix from his profile and the characters ACF2.ACFRPTSL. For example, if you specify TEST as the output list name, your output list data set name is 
dft-pfx
.ACF2.ACFRPTSL.TEST.
 
SYSLIB DATA SET NAME
A partitioned data set that contains an ACFFDR module. This module defines the fields in the CA ACF2 logonid record for ACFRPTSL IF statement processing.
Note: 
This ACFFDR module is usually an older version of the current production module.
If you enter Y in the SMF field on ACFRPTSL panel, the SLSMF panel displays to specify the characteristics of the input SMF files:
SLSMF ------------ ACFRPTSL - SELECTED LOGONID LIST --------------------------- COMMAND ===> ***************************************************************************** ** ** ** YOU HAVE CHOSEN A INPUT TYPE OF "SMF" ** ** ** ** PLEASE SUPPLY A FULLY QUALIFIED DATA SET NAME(S). (I.E., 'SYS1.MANY'). ** ** AND/OR INDICATE WHETHER YOU WILL PROVIDE LOGSTREAM PARAMETERS (Y/N) ** ** ** ***************************************************************************** SPECIFY INPUT DATA SET(S) FOR ACFRPTSL - LOGSTREAM REPORT ===> N (Y/N) //RECMAN1 ===> 'DAMYV01.SMFJR' //RECMAN2 ===> //RECMAN3 ===>
Specify Input Data Sets for ACFRPTSL
 
LOGSTREAM
Indicates if LOGSTREAM SMF data needs to be retrieved. This parameter is available for z/OS1.9 and higher when the SNF data is being captured by a LGR LOGSTREAM structure. When Y is specified an ACFRPTAL is displayed to provide specific logstream parameters.
 
PAGEHDR(
YES
|NO|ONCE)
Specifies how the page header is appears.
  •  
     
    YES
     
    Header is printed at the beginning of each page.
  •  
    NO
    No header is printed.
  •  
    ONCE
    Header is printed only once, at the beginning of the first page.
 
LINECTL|NOLINECTL
 
Specifies if blank lines and/or ANSI line control characters are produced.
Running the Report Using JCL
You can use JCL to run the ACFRPTSL utility. To run the ACFRPTSL report, see the documentation about using sample JCL to execute reports. The following are the parameters for this report.
 
DTCFIELD(YES|NO)
 
Interacts with REPORT(SHORT) to create a condensed version of the SHORT format.
  • YES - the DATE, TIME, and CHANGER fields appear on the report.
  • NO - the DATE, TIME, and CHANGER fields do not appear on the report. This option is usually used with the SFLDS option.
  •  
    LSTACCD()
    Number of days to limit the report to the logonids that have accessed the system during those days specified here. When not specified or specified as LSTACCD(), The report will contain all the logonids according to other eventual criteria.
  •  
    {INPUT(SMF|BKUP|ACF2)}
    Specifies the type of input to process. The subparameter must be one of the following keywords designating the file attributes. If you omit this parameter, CA ACF2 prints a message and terminates ACFRPTSL.
    • SMF-input is accepted as CA ACF2 logonid modification SMF records, as described in ACFRPTLL-Logonid Modification Log. This parameter runs the report against SMF data for the time period specified. The SMF parameter selects records that have been updated.
    • BKUP-input is accepted as a VB format file, as produced by the CA ACF2 automatic backup facility. Use the BKUP parameter to obtain the most current records of SMF data. This parameter does not affect performance like the ACF2 parameter.
    • ACF2-input is accepted as unformatted records from the Logonid database. To use the Logonid database for input requires that the person executing the report have the SECURITY, ACCOUNT, or AUDIT privilege. In addition, only those logonid records that the person running the report has authority to access are included in the report output. Thus, if a user requested all logonids with the IMS privilege, but had a scope record that permitted him or her to access only logonid records for users in a specific department, the report output would list only those logonids for users with the IMS privilege who were in that department.
      Note:
       Message ACF64001 - USER REQUESTING REPORT - lid-name, is issued which defines the user's scope.
    CAUTION! 
    Running the ACFRPTSL report with ACF2 specified might affect performance. If you run this report against the online databases and you notice performance degradation, do not cancel this job. Serious system errors might result
  •  
    [IF(field-name-operators)]
    Enables you to define flexible record selection criteria. This parameter is formatted similarly to a high-level programming language IF statement. The variables available for processing are the various logonid record field names or constants (defined in the following). The available operators are also defined in the following. The full IF expression is evaluated as an algebraic expression yielding a TRUE (that is, select record) or FALSE (that is, bypass record) value. If the result of the IF expression is a quantity, NONZERO is considered TRUE (selected) and a zero value is considered FALSE (not selected). Parentheses can group expressions to override the normal precedence order.
    IF expression constants
    When specifying a constant (specific value) in the IF statement, use the following formats:
 
Format
 
 
Contents
 
 
Type
 
'aaaa' or C'aaaa'
Alphanumerics
Character fields
Nnnn
Numerics
Binary number fields
X'xx'
Hex numbers
Hex fields
B'n'
1 or 0 (1=on, 0=off)
Bit (flag) fields
P'nn'
Numerics
Packed decimal fields
D'mm/dd/yy' or D'dd/mm/yy' or D'yy/mm/dd' or
D'CURRDATE'
Numerics with dividing Date field slashes (which format is used is based on local system option).
Use single quotes before and after the date.
D'CURRDATE' specifies the actual date. For example, D'CURRDATE-30' specifies the current date minus 30 days. D'CURRDATE+30' specifies the current date plus 30 days.
 
U'xxxx'
Any of the above contents might be used. 
CA ACF2
 resolves the data type to the preceding symbol within the expression.
 
 
Note
: You can designate the DATE field as a TOD clock field or you can store the DATE field as a packed decimal in the logonid record; however, the output is a date. Time-of-day fields are treated as date fields only. No comparison is made of the time portion of the field by the IF processor.
Date constants must be used in IF expressions for comparisons. Date constants should be used for comparisons only. Using date constants in arithmetic expressions can produce unexpected results because 
CA ACF2
 evaluates the arithmetic expression after it converts the date constant to a Julian date. The following is an example of using date constants in arithmetic expressions:
D'01/01/93' - D'12/31/92'
 
CA ACF2
 changes the date of 01/01/93 to 93001 and the date of 12/31/92 to 92366. The value is therefore 635, not the expected value of 1.
The IF expression operators (in order of precedence) are as follows:
 
 
Precedence
 
 
Character
 
 
Symbol
 
 
Meaning
 
1.
NOT
Not
2.
OR
|
Or
3.
AND
& or ,
And
4.a.
EQ
=
Equal
4.b.
NE
=
Not equal
4.c.
LE
<=
Less than or equal to
4.d.
GE
>=
Greater than or equal to
4.e.
LT
<
Less than
4.f.
GT
>
Greater than
5.
 
-
Designates negative value
6.a.
 
*
Multiply
6.b.
 
/
Divide
7.a.
 
+
Add
7.b.
 
-
Subtract
8.
 
||
Concatenated to (that is, used between field names, in sequence, to show concatenation of fields). Since UID is not an actual field in the logonid record and cannot be referenced directly, this can be used to build a UID.
Use the symbols in the chart or the character abbreviation is acceptable to the program.
The command accepts only one IF statement. However, you can specify multiple criteria in one statement. If the criterion needs to continue onto more than one line, use a dash (-) as the last non-blank character on the line. 
CA ACF2
 recognizes a continuation character unconditionally. For example:
l if(security and noims and account and nocics and -tsoproc='tsoproc' and - acc-date le u'01/01/98' and acc-cnt ge 123 and group = 'acfgroup' - and maxdays = 0 and tsorba le u'1234')
 
[MASK(
********
|
logonid-mask
)]
Selects a particular logonid or group of logonids for processing. The default specifies all logonids for processing. The MASK parameter makes selections before the IF parameter. So, if the MASK parameter does not select a logonid, the report never reaches the IF parameter processing.
 
{REPORT(SHORT|FULL|NONE)}
Specifies the format of the report issued by ACFRPTSL. The subparameter is one of the following keywords. This parameter is required. If you omit this parameter CA ACF2 prints a message and terminates ACFRPTSL.
  • SHORT-specifies a one-line summary consisting of the logonid, name, date, time, and changer. This format fits an 80-character screen width. The SFLDS parameter can extend this format (that is, multiple lines if needed) to include other fields from the logonid record.
  • FULL-specifies a replica of the output from the ACF command list subcommand and that fits on a 133-character print line.
  • NONE-no report is generated. This parameter is useful if ACFRPTSL is used as a copy utility for logonid records (see SAVEREC in the Input and Output Files section of this page).
 
[SFLDS(field-list)]
This parameter is valid only if the REPORT(SHORT) parameter is specified. The field list contains the external field names (as defined in the ACFFDR @CFDE entries) of the selected logonid record fields that are formatted with the basic short format fields. The fields are formatted in the order specified with headings produced for each field. If too many fields are specified for one line, multiple lines are generated. If the field list continues onto more than one line, place a dash (-) at the end of the line.
The field-list is limited to a total length of 255 characters. If you specify a value greater than 255 characters, you get message ACF49022 - INVALID OPERAND VALUE FOR KEYWORD and a return code of 08.
 
[UPDATE|
NOUPDATE
]
UPDATE requests a summary of logonid modifications including any JES
x
 and logon validation updates. NOUPDATE lists only nonvalidation updates. NOUPDATE is the default because of the volume of validation updates (one for every job and TSO session). Use this parameter only if you specify INPUT(SMF).
 
PAGEHDR(
YES
|NO|ONCE)
Specifies how the page header is appears.
  •  
     
    YES
     
    Header is printed at the beginning of each page.
  •  
    NO
    No header is printed.
  •  
    ONCE
    Header is printed only once, at the beginning of the first page.
Common Parameters
Parameters are taken from ISPF, and both the JCL parameter string and the SYSIN file. If JCL and the SYSIN file are used, they are combined for processing. ACFRPTSL accepts the following parameters.  
  • LINECNT
  • TITLE
  • SDATE
  • EDATE
  • STIME
  • ETIME
  • SELECT
  • HEX
  • SYSID
Input and Output
ACFRPTSL uses the standard SYSPRINT, SYSIN, and RECxxxxx files. For more information, see the documentation about input and output files for report generators. REC
xxxxx
is used if only INPUT(SMF) is specified. The following files are also used.
 
BACKUP
 
The ddname for type BKUP input. This is a VB format data set produced by the CA ACF2 automatic backup facility.
 
SAVEREC
 
The ddname for the copy function output file. This copy function occurs only if this file is defined. The DCB options are LRECL=1236 and RECFM=VB. The BLKSIZE parameter can be specified in the JCL; the default is BLKSIZE=3665. The format of the output record depends on the input type. If the input type is SMF, the format is CA ACF2 logonid modification SMF records. If the input type is CA ACF2 or BKUP, the format is the same as CA ACF2 logonid database records.
 
SYSLIB
 
A partitioned data set that contains an ACFFDR module. This module defines the fields in the CA ACF2 logonid record for ACFRPTSL IF statement processing.
 
This ACFFDR module is usually an older version of the current production module.
Reporting on Multi-Value Logonid Fields
The ACFRPTSL report records multi-value field information. Use this report utility to determine which users are assigned certain values. Use the IF parameter to extract a particular value. The REPORT parameter determines the type of output: REPORT(FULL) displays the full logonids of all users and REPORT(SHORT) displays only the fields indicated by the SFLDS parameter. Sample JCL to run the ACFRPTSL report follows:
//RPTSL JOB //ACFRPTSL EXEC PGM=ACFRPTSL //SYSPRINT DD SYSOUT=* //SYSIN DD * TITLE(MULTI-VALUE FIELD: VALUE01/VALUE02) REPORT(SHORT) INPUT(ACF2) IF(MLTFLD = 'VALUE01' OR MLTFLD = 'VALUE02') SFLDS(MLTFLD) //
When the criteria are met, the report shows all values of the multi-value field for each user:
<acf> SECURITY - ACFRPTSL - LOGONID SUPERLIST REPORT - PAGE 1 DATE mm/dd/yy (yy.ddd) TIME hh.mm MULTI-VALUE FIELD: VALUE01/VALUE02 LOGONID NAME DATE TIME CHANGER MULTFLD ------- ---- -------------- ------- USER001 USER NAME 1 yy/dd/yy-hh:mm VALUE01 USER002 USER NAME 2 yy/dd/yy-hh:mm VALUE02 USER003 USER NAME 3 yy/dd/yy-hh:mm VALUE02 VALUE05 VALUE07 USER004 USER NAME 4 yy/dd/yy-hh:mm VALUE01 VALUE03
Sample Output
The JCL shown in the following runs the ACFRPTSL report and produces output in the SHORT format. You can modify it to produce the FULL format or NONE, as needed.
//SAMPLE JOB 1, 'ACFRPTSL REPORT',MSGCLASS=A //REPORT EXEC PGM=ACFRPTSL //SYSPRINT DD SYSOUT=* //SYSIN DD * TITLE(ALL LIDS MAX PSWD-VIO REACHED) REPORT(SHORT) INPUT(BKUP) IF(PSWD-VIO >= 5) SFLDS(PSWD-VIO PSWD-DAT PSWD-TIM PSWD-SRC) /* //BACKUP DD DSN=... ACF2 LOGONID BACKUP DATABASE //SYSLIB DD DSN=... LIBRARY WHICH CONTAINS ACFFDR //
The following example illustrates the SHORT format of the report as it appears on the terminal:
<acf> SECURITY - LOGONID SUPERLIST REPORT - PAGE 1 DATE 08/14/98 (98.327) TIME 12.54 - LOGONID NAME DATE TIME CHANGER ACC-CNT STC ACFSTCID DEFAULT STC ID 08/14/98-12:18 15,032 YES #PROD RESTRICTED PROD ID 08/14/98-12:48 27,767 NO JOB STC JOB 08/14/98-12:49 18,205 YES
The following example illustrates the FULL format of the report.
<acf> SECURITY - ACFRPTSL - LOGONID SUPERLIST REPORT - PAGE 1 DATE 08/14/98 (98.327) TIME 12.07 - AAAO ACSAAAO ANDERSON,ARTHUR A SITE(A) DEPARTMT(CS) ACCESS ACC-CNT(0) ACC-DATE(00/00/00) ACC-TIME(00:00) PASSWORD PSWD-DAT(00/00/00) PSWD-TOD(06/06/98-22:42) PSWD-VIO(0) PSWDCVIO(0) TSO CMD-LONG INTERCOM JCL LGN-ACCT LGN-PROC LGN-TIME PMT-ACCT PROMPT TSOACCT(1234) TSOPROC(AALOGONA) TSORGN(512) TSOSIZE(1,024) TSOUNIT(SYSTSO) VLD-ACCT VLD-PROC WTP STATISTICS CRE-TOD(00/00/00-00:00) SEC-VIO(0) UPD-TOD(04/23/98-12:55) RESTRICTIONS PREFIX(AAAO) TSOCMDS(ACFCLUSR) AAA1 BTAAAA1 ALBERTS,ANDREW A SITE(B) DEPARTMT(TA) ACCESS ACC-CNT(143) ACC-DATE(07/02/98) ACC-TIME(17:30) PASSWORD PSWD-DAT(04/22/98)PSWD-TOD(03/27/98-13:25) PSWD-VIO(2) PSWDCVIO(0) TSO CHAR(BS) CMD-LONG DFT-PFX(AAA1) INTERCOM JCL LGN-ACCT LGN-PROC LGN-TIME PMT-ACCT PROMPT TSOACCT(1234) TSOCMDS(ACFCLUSR) TSOPROC(AALOGONB) TSORGN(512) TSOSIZE(1,024) TSOTIME(10) TSOUNIT(SYSTSO) VLD-ACCT VLD-PROC WTP STATISTICS CRE-TOD(00/00/00-00:00) SEC-VIO(0) UPD-TOD(07/02/98-17:30) RESTRICTIONS PREFIX(AAA1) AAA3 CCEAAA3 AARDVARK,ALICE A SITE(C) DEPARTMT(CE) ACCESS ACC-CNT(0) ACC-DATE(00/00/00) ACC-TIME(00:00) PASSWORD PSWD-DAT(06/18/98) PSWD-TOD(06/06/98-22:43) PSWD-VIO(1) PSWDCVIO(0) TSO CMD-LONG INTERCOM JCL LGN-ACCT LGN-PROC LGN-TIME PMT-ACCT PROMPT TSOACCT(999) TSOCMDS(ACFCLUSR) TSOPROC(AALOGONA) TSORGN(512) TSOSIZE(1,024) TSOUNIT(SYSTSO) VLD-ACCT VLD-PROC WTP STATISTICS CRE-TOD(00/00/00-00:00) SEC-VIO(0) UPD-TOD(06/18/98-10:48) RESTRICTIONS PREFIX(AAA3)
 
Field Descriptions
 
CHANGER
 
The logonid of the user who initiated the change request. This field is JES2 or JES3 for batch job validation or MSTRJCL for logon validation records.
Note: This field has an entry only if INPUT(SMF) was specified.
  •  
    DATE
    The Julian and Gregorian date when the last update was made. The format of this date is MM/DD/YY, DD/MM/YY, or YY/MM/DD, based on the DATE option in the GSO OPTS infostorage record.
  •  
    FIELD1, FIELD2...
    These fields are specified in the SFLDS parameter. For definitions of these fields, see @CFDE -- Create Field Definition Entry Macro. Additional information can be found in Implement CA ACF2.
  •  
    LOGONID
    The logonid of the user.
  •  
    NAME
    The name of the user.
  •  
    TIME
    The time when the update was made.