ACFXREF - XREF Cleanup Utility

Describes the ACFXREF utility
The ACFXREF utility was created for CA ACF2 DB2 users implementing secondary authids. It identifies INCLUDE or EXCLUDE values that are no longer valid in cross-reference records on the INFOSTG database. X-SGP records reference logonid records, access rule records, resource rule records, and other X-SGP records. X-RGP records reference resource rule records and other X-RGP records. The utility was enhanced to also identify invalid values in X-ROL records, which reference logonid records and other X-ROL records. ACFXREF provides an efficient method of identifying these invalid values.
Optionally, the ACFXREF utility can write commands to a file that remove the invalid values from the records. In that case it also writes commands to a separate file that can be used to restore the values the first set of commands removed. Both command files can be input directly into the ACFBATCH utility.
The utility requires several parameters that are used to generate a report on invalid INCLUDE or EXCLUDE values.
Files
  • CMDS
    ACFXREF optionally writes commands to the file specified in the CMDS DD. The commands remove invalid entries from XREF records. The BACKOUT file is required if CMDS is specified.
  • BACKOUT
    ACFXREF optionally writes commands to the file specified in the BACKOUT DD. The commands restore the invalid entries that the commands in CMDS removed from XREF records. The BACKOUT file is required if CMDS is specified.
  • SYSPRINT
    Directs output to a printer or a listing data set.
Parameters
ACFXREF parameters are entered using the JCL SYSIN field in batch.
The following parameters specify the class and type of cross-reference record, what is referenced by INCLUDE or EXCLUDE and the cross-reference record ids.
  • CLTYPE(class and type)
    Indicates the class and type of records to be processed by the utility. Valid values are: XSGP for source group records, XRGP for resource group records, and XROL for role records.
  • SRCETYPE(type1,type2)
    Indicates cross-reference records are referencing rules. This parameter is optional for XSGP processing. Valid values are: Access for access rules, Logonid for logonids, or both.
  • RGPTYPE(type)
    Required for scoped security users who specify X-RGP records for processing.
  • RECID(recid1, recid2, recid3, …)
    Specifies the cross-reference record ids to be processed by the utility. The record ids can be masked with a '-' at the end. To specify all records, enter a '-' for RECID.
  • SYSID(name)
    Specifies a SYSID to use when processing XREF records. The SYSID parameter is maskable with asterisks (*) only. A dash is not an acceptable masking character for SYSID; it is treated as a literal character. If SYSID is not specified, the default is to process all XREF records.
Implementing ACFXREF
Implement ACFXREF by:
  • Submitting batch JCL
  • Using ISPF panels
To execute ACFXREF in batch, use the following JCL:
//ACFXREF  JOB 1,'XREF TEST'
//CLEANUP  EXEC PGM=ACFXREF
//SYSPRINT DD SYSOUT=*
//CMDS     DD DSN=TESTUSER.CMDS,
//            DISP=(NEW,CATLG),SPACE=(CYL,(1,1)),
//            UNIT=3390,VOL=SER=VOL001
//BACKOUT  DD DSN=TESTUSER.BACKOUT,
//            DISP=(NEW,CATLG),SPACE=(CYL,(1,1)),
//            UNIT=3390,VOL=SER=VOL002
//SYSIN    DD *
CLTYPE(XSGP) RECID(-)
/*
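A pre-submission check for a job deck like the one above, as an added example that is not part of the CA ACF2 documentation. It applies only the rules stated on this page (BACKOUT required with CMDS, the CLTYPE and SRCETYPE value lists, the RECID and SYSID masking rules); the function name, the constructed sample deck, and the case-insensitive comparison of parameter values are assumptions.

```python
import re

VALID_CLTYPE = {"XSGP", "XRGP", "XROL"}     # values listed under CLTYPE
VALID_SRCETYPE = {"ACCESS", "LOGONID"}      # values listed under SRCETYPE

# Constructed sample deck (not from the page) with three deliberate mistakes.
BAD_DECK = """\
//ACFXREF  JOB 1,'XREF TEST'
//CLEANUP  EXEC PGM=ACFXREF
//SYSPRINT DD SYSOUT=*
//CMDS     DD DSN=TESTUSER.CMDS,DISP=(NEW,CATLG),
//            SPACE=(CYL,(1,1)),UNIT=3390,VOL=SER=VOL001
//SYSIN    DD *
CLTYPE(XSGP) SRCETYPE(Access,Rules) RECID(PAY-,-) SYSID(PROD-)
/*
"""

def check_acfxref_job(jcl):
    """Return findings for an ACFXREF job deck, using only rules stated on this page."""
    findings = []
    # DD names come from '//NAME DD ...' statements; continuation lines carry no name.
    dds = set(re.findall(r"^//(\w+)\s+DD\b", jcl, flags=re.M))
    # SYSIN is in-stream data: the lines after '//SYSIN DD *' up to '/*' or end of deck.
    m = re.search(r"^//SYSIN\s+DD\s+\*[^\n]*\n(.*?)(?=^/\*|\Z)", jcl, flags=re.M | re.S)
    sysin = m.group(1) if m else ""
    params = {k.upper(): [v.strip() for v in vals.split(",")]
              for k, vals in re.findall(r"(\w+)\(([^)]*)\)", sysin)}

    if "CMDS" in dds and "BACKOUT" not in dds:
        findings.append("CMDS DD without BACKOUT DD: BACKOUT is required when CMDS is specified")
    cltype = params.get("CLTYPE", [""])[0].upper()
    if cltype not in VALID_CLTYPE:
        findings.append(f"CLTYPE({cltype}) is not XSGP, XRGP or XROL")
    for t in params.get("SRCETYPE", []):
        if t.upper() not in VALID_SRCETYPE:
            findings.append(f"SRCETYPE value {t!r} is not Access or Logonid")
    for rid in params.get("RECID", []):
        if "-" in rid[:-1]:          # a dash is documented as a mask only at the end
            findings.append(f"RECID {rid!r}: '-' masks only at the end of a record id")
    for sid in params.get("SYSID", []):
        if "-" in sid:               # SYSID treats '-' as a literal character
            findings.append(f"SYSID {sid!r}: '-' is a literal here, mask with '*' instead")
    return findings

if __name__ == "__main__":
    for finding in check_acfxref_job(BAD_DECK):
        print(finding)
```

The SYSID check targets the easiest mistake to miss: a dash copied from a RECID mask is taken literally by SYSID, so the run can report on fewer records than intended without any error.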
To run ACFXREF using ISPF panels, select option 5 from the CA ACF2 Security Processor Menu.
---------------- <acf> Security UTILITY PROCESSOR MENU ---------------
OPTION ===> 5

   1  ACFDEL   - THE DATA DISPOSAL UTILITY
   2  ACFSYNCH - THE LOGONID BROADCAST PROCESSOR
   3  ACFCLEAN - <acf> REPORT PROGRAM PROCESSOR DATA SET CLEANUP
   4  ACFMERGE - <acf> MERGE PASSWORD INFORMATION IN DATABASE
   5  ACFXREF  - <acf> CROSS REFERENCE CLEANUP UTILITY
This takes you to the CA ACF2 Security Cross-Reference Cleanup Utility screen, where you enter the input for the utility.
---------------- <acf> CROSS-REFERENCE RECORD CLEANUP UTILITY -------------
COMMAND ===>

ENTER JOB STATEMENT INFORMATION FOR BATCH JOB BEING GENERATED.
===> ______________________________________________________________________

RECORD CLASS/TYPE ===> ____________ (XSGP, XRGP or XROL)

SOURCE TYPE (ENTER LOGONID OR ACCESS ON EACH LINE) (OPTIONAL)
  => _______________
  => ______________

X-RGP RECORD TYPE ===> ______________ (FOR SCOPED SECURITY USERS)

RECID (XREF RECORD ID)
  => ________________________   => ________________________
  => ________________________   => ________________________
  => ________________________   => ________________________

CMDS FILE DATA SET:
  DATA SET NAME ===> __________________________________________
  VOLUME SERIAL ===> ______ (If not cataloged)

BACKUP FILE DATA SET:
  DATA SET NAME ===> __________________________________________
  VOLUME SERIAL ===> ______ (If not cataloged)
The input will be added to a batch job that is generated from the panel.
//ACFXREF  JOB 1,'XREF CLEANUP'
//*
//*********************************************************************
//*
//* THIS STEP EXECUTES THE CA ACF2 XREF UTILITY WHICH IDENTIFIES
//* INVALID INCLUDE OR EXCLUDE VALUES CONTAINED IN CROSS-REFERENCE
//* RECORDS.
//*
//*********************************************************************
//CLEANUP  EXEC PGM=ACFXREF
//SYSPRINT DD SYSOUT=*
//CMDS     DD DSN=TESTUSER.CMDS,
//            DISP=(NEW,CATLG),SPACE=(CYL,(1,1)),
//            UNIT=3390,VOL=SER=VOL001
//BACKOUT  DD DSN=TESTUSER.BACKOUT,
//            DISP=(NEW,CATLG),SPACE=(CYL,(1,1)),
//            UNIT=3390,VOL=SER=VOL002
//SYSIN    DD *
When the batch job completes, the SDSF output will look like the following:
CA ACF2 - XREF CLEANUP REPORT   DATE 02/24/10 ( 10.055 )   TIME 18.32   PAGE 1

RESOURCE(XROL) GROUP SYSID(LONG) RECID - USERGRP
DESCRIPT()
LIST OF INCLUDE VALUES:
USER-
LIST OF EXCLUDE VALUES:
NONE

RESOURCE(XROL) ROLE SYSID(LONG) RECID - USER-
DESCRIPT()
LIST OF VALUES THAT MATCHED MASK:
USER4 USER3 USER2 USER1 USERSEC USERGRP

RESOURCE(XROL) ROLE SYSID(LONG) RECID - USERSEC
DESCRIPT()
LIST OF INCLUDE VALUES:
PGMR0-
LIST OF EXCLUDE VALUES:
PGMR04 PGMR03 PGMRJ02 -- VALUE NOT FOUND
For each record, the report lists the record class and type, function, sysid, and record id, along with the include and exclude values, the values that match masked entries, and the values that are invalid.