Detailed Report

Running the Command Limiting Report (CL) › Sample Report › Detailed Report

Detailed Report

Shown below are examples of the detailed version (both terminal and printer format) of the ACFRPTCL report.

Printer Format

CA ACF2 for z/VM SECURITY - ACFRPTCL CMDLIM/DIAGLIM JOURNAL - PAGE 1 DATE 08/02/98 (98.214) TIME 08.10 UID COMMAND NAME RM-RC INST LID LOG TYPE JNAME CPUI SOURCE DATE TIME COMMAND TEXT / DIAGNOSE NUMBER (HEX) TLC99VPAYAMS MSGNOH ACCESS AUTOLOG1 AUTOLOG ID LOG VPAYAMS USCH DISCONN 98.214 08/02 00.00 MSGNOH USERI01 00:00:06 CACC105I TRACKING FILE CLEAN UP IN PROGRES ALLOWED BY RULE ------------------------------------------------------------------------ TLC99VPAYAMS MSGNOH ACCESS AUTOLOG1 AUTOLOG ID LOG VPAYAMS USCH DISCONN 98.214 08/02 00.00 MSGNOH USERI01 00:00:06 CACC106I TRACKING FILE CLEAN UP COMPLETED ALLOWED BY RULE ------------------------------------------------------------------------ TLC99VPAYAMS MSGNOH ACCESS AUTOLOG1 AUTOLOG ID LOG VPAYAMS USCH DISCONN 98.214 08/02 00.00 MSGNOH USERI01 00:00:06 CACC050I AUTOSCAN IN PROGRESS FOR SYSID A ALLOWED BY RULE ------------------------------------------------------------------------ TLC99VPAYAMS MSGNOH ACCESS AUTOLOG1 AUTOLOG ID LOG VPAYAMS USCH DISCONN 98.214 08/02 00.00 MSGNOH USERI01 00:00:06 CACC051I AUTOSCAN COMPLETED ALLOWED BY RULE ------------------------------------------------------------------------ CA ACF2 for z/VM SECURITY - ACFRPTCL CMDLIM/DIAGLIM CROSS REFERENCE - PAGE 1 DATE 08/02/98 (98.214) TIME 08.10 COMMAND COUNT LID COUNT LID COUNT MSGNOH 4 ------------------ AUTOLOG1 4

Terminal Format

               {report name}                                     {page}

CA ACF2 for z/VM SECURITY - ACFRPTCL CMDLIM/DIAGLIM JOURNAL - PAGE 1

DATE 04/23/98 (98.113) TIME 07.46  For Entire Company

 {lid}     {date}    {time}    {record}        {inst}        {rmrc}

AUTOLOG1 98.111 04/21 00.00 COMMAND LOGGING SEC-OFF RKEY=MSGNOH5

{session}                         {uid}

SCHDCMS  NAM=AUTOLOG ID          UID=SHV99STLCCMS

{cpuid}  {source}                {acc/noac}             {cmdmsg}

USCH     SRC=DISCONN             ACCESS                 CMD=MSGNOH

{cmd/diag}

CMD/DIAG=MSGNOH USERI01 00:00:06 CACC105I TRACKING FILE CLEAN UP IN

   {reason code}

REASON CODE=ALLOWED BY RULE

AUTOLOG1 98.111 04/21 00.00 COMMAND LOGGING

SCHDCMS  NAM=AUTOLOG ID          UID=SHV99STLCCMS

USCH     SRC=DISCONN             ACCESS

CMD/DIAG=MSGNOH USERI01 00:00:06 CACC106I TRACKING FILE CLEAN UP CO

REASON CODE=ALLOWED BY RULE

AUTOLOG1 98.111 04/21 00.00 COMMAND LOGGING

SCHDCMS  NAM=AUTOLOG ID          UID=SHV99STLCCMS

USCH     SRC=DISCONN             ACCESS

CMD/DIAG=MSGNOH USERI01 00:00:06 CACC050I AUTOSCAN IN PROGRESS FOR

REASON CODE=ALLOWED BY RULE

CA ACF2 for z/VM SECURITY - ACFRPTCL CMDLIM/DIAGLIM CROSS REFERENCE - PAGE 1 DATE 04/23/98 (98.113) TIME 07.47 COMMAND COUNT LID COUNT LID COUNT $START 7 ------------------ SYSTEM 7 ATTACH 11 ------------------ TLCSSK 4 VMOPER 7 AUTOLOG 41 ------------------ AUTOLOG1 41 FORCE 41 ------------------ AUTOLOG1 41 LINK 2 ------------------ TLCEOD 2 MSGNOH 74 ------------------ AUTOLOG1 66 TLCMLL 8

{report name}

The name of this report.

{page}

The page number of this page of the report.

{rdate}

The date you ran this report (in Gregorian and Julian format).

{rtime}

The time you ran this report (in a 24‑hour clock format).

{user title}

The subtitle you specified. If you did not specify a title, CA ACF2 for z/VM leaves this field blank.

{lid}

The logonid (DIRMAINT) of the user who attempted the CP command or diagnose request that CA ACF2 for z/VM allowed but logged or prevented.

{date}

The date (98.161 06/09) the user tried the CP command or diagnose request (in Gregorian and Julian format).

{time}

The time (06.14) the user attempted the CP command or diagnose request (in a 24‑hour clock format).

{record}

The type of security record (COMMAND LOGGING) formatted. Valid record types are:

Command logging: The CP command CA ACF2 for z/VM allowed but logged.

Command violation

The CP command CA ACF2 for z/VM denied.

Diagnose logging

The diagnose instruction CA ACF2 for z/VM allowed but logged.

Diagnose violation

The diagnose instruction CA ACF2 for z/VM denied.

{inst}

User exit that allowed the logging.

{session}

The name of the VM session.

{name}

The name of the user taken from the logonid record.

{uid}

The user identification string.

{cpuid}

The CPU ID of the executing CPU.

{source}

The input source the CP command or diagnose request originated from.

{acc/noac}

Indication of whether CA ACF2 for z/VM allowed the access.

ACCESS: A command limiting rule matched the environment and the rule specified to allow or allow and log access.
KEYEXCES: The NEXTKEY facility directed CA ACF2 for z/VM to the appropriate rule. CA ACF2 for z/VM imposes a limit of 25 NEXTKEYs per validation call. This message indicates a pointer to a 26th rule set. Check the NEXTKEY line to determine the rule sets referenced and correct the error.
NOACCESS: A command limiting rule matched the environment, but the rule prevented access.
NKEYLOOP: The NEXTKEY facility directed CA ACF2 for z/VM to the appropriate rule. The rule directed CA ACF2 for z/VM to check the same rule set twice, a loop condition. Check the NEXTKEY line to determine the rule sets references and correct the error.

{cmd/diag}

The name of the CP command or diagnose instruction the user specified.

{reason code}

The reason CA ACF2 for z/VM produced the record and the disposition of the access.

{command name}

The actual name used for validation. It is the full name. Any aliases are changed to the actual command name. The command text shows the command as the user entered it.

{job name}

The VM user ID of the virtual machine the user was logged onto. For group machines, this is the group ID. JOBMASK selects on this field.

{lid}

The logonid of the user who attempted the action. For group machines, this is the group user. LIDMASK and NLIDMASK select on this field.

RKEY

The rule set key that validates the access. This field appears only when a rule record other than the one under the high level index validates the request, such as a NEXTKEY rule parameter.

Cross‑Reference Summary:

CA ACF2 for z/VM also produced a Cross‑Reference Summary at the end of the ACFRPTCL Report. This summary reflects the names and total number of the CP commands and diagnose instructions attempted. It also reports the individual users and the number of attempts they made to issue these CP commands and diagnose instructions.

Following is an explanation of the fields on the cross‑reference summary portion of this report:

COMMAND: The CP command or diagnose instruction (MSGNOH) attempted.
COUNT: The total number of command attempts reported on this report.
LID: The logonid of the user making the attempt
COUNT: The number of command attempts the above logonid attempted.

Terminal Format with NEXTKEY

TLCTMS 98.337 12/03 12.04 COMMAND VIOLATION RKEY=MESSAGE5 TLCTMS NAM=TEST ID UID=TLCTMS CPUA SRC=GRAF-7C0 NKEYLOOP CMD=MESSAGE CMD/DIAG=MSG LISTSERV HELP REASON CODE=DENIED; NEXTKEY LOOP NEXTKEY: MESSAGE MESSAGE2 MESSAGE3 MESSAGE4 MESSAGE5 MESSAGE6 MESSAGE7 TLCTMS 98.337 12/03 12.03 COMMAND VIOLATION RKEY=MESSAGE26 TLCTMS NAM=TEST ID UID=TLCTMS CPUA SRC=GRAF-7C0 KEYEXCES CMD=MESSAGE CMD/DIAG=MSG LISTSERV HELP REASON CODE=DENIED; NEXTKEY OVERFLOW NEXTKEY: MESSAGE MESSAGE2 MESSAGE3 MESSAGE4 MESSAGE5 MESSAGE6 MESSAGE7 MESSAGE8 MESSAGE9 MESSAGE10 MESSAGE11 MESSAGE12 MESSAGE13 MESSAGE14 MESSAGE15 MESSAGE16 MESSAGE17 MESSAGE18 MESSAGE19 MESSAGE20 MESSAGE21 MESSAGE22 MESSAGE23 MESSAGE24 MESSAGE25

The sample report reflects user TLCTMS requested command MSG LISTSERV HELP. The rule entry for this file directed CA ACF2 for z/VM to another rule key through the NEXTKEY rule option. CA ACF2 for z/VM allows a maximum of 25 NEXTKEYs when validating access to a file. Eventually, the rule key that validated the access request in the sample was MESSAGE26, the 26th rule set CA ACF2 for z/VM searched during validation processing. Therefore, an error occurred.

The first logging entry on the sample is from a violation record and indicates that a NKEYLOOP condition occurred when the seventh rule set directed CA ACF2 for z/VM to the fifth rule set. The NEXTKEY field of the violation entry lists all rule sets that CA ACF2 for z/VM searched during validation.

The second logging entry is from a violation record and indicates that CA ACF2 for z/VM aborted the access request due to a KEYEXCES condition when the 25th rule set directed CA ACF2 for z/VM to the 26th rule set. The RKEY field indicates the processed rule key when CA ACF2 for z/VM aborted the access.

These violation records are a valuable aid in determining where and why a KEYEXCES condition occurred. In addition, if a NEXTKEY loop occurs, the easiest method of determining where the loop occurred is the violation record. When a NEXTKEY loop occurs, the rmrc field of the report indicates NKEYLOOP and the NEXTKEY field lists all rule sets that were referenced during CA ACF2 for z/VM validation. If you selected Extended terminal output ==> N, CA ACF2 for z/VM displays only the first four lines of output.

NEXTKEY: Lists the $KEY of every rule set that CA ACF2 for z/VM checked during access validation. The report lists these $KEYs in the order they were referenced. CA ACF2 for z/VM only displays this field for NEXTKEY violation records when you specify the TERMINAL or PRINTER format options. This line is useful for debugging purposes when an NKEYLOOP or KEYEXCES condition occurs.