Two types of output are possible from this report, a Logonid Access Report and a Resource Logonid Access Report. This report displays two types of output.
CA ACF2 for z/VM SECURITY ‑ ACFRPTRX ‑ LOGONID ACCESS REPORT ‑ PAGE 1 DATE 06/14/98 (98.166) TIME 07.43 INPUT PARAMETERS: DSET LINECNT(60) LID FILE PROCESSING COMPLETE, RECORDS SELECTED = 00417 RULE FILE PROCESSING COMPLETE, RECORDS SELECTED = 06002 ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ SYSIDLST PARAMETERS: LID(SVMRFB**) ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ LID: TLCRBF UID: TLCADTLCRBF NAME: BOB FRANK $KEY($ACF2VM) STORED: 04/15/98‑18:12 BY: TLCISO ‑ UID(*****TLC) READ(A) WRITE(A) EXEC(A) $KEY($DCK$) STORED: 05/25/98‑11:50 BY: TLCISO V0A1.‑ UID(*) READ(A) EXEC(A) V598.‑ UID(*) READ(A) EXEC(A) $KEY(%TLC) STORED: 12/05/97‑10:25 BY: TLCDAN ‑ UID(*****TLC) READ(A) WRITE(A) ALLOC(A) EXEC(A) $KEY(TLCXA320) STORED: 04/18/98‑11:56 BY: TLCDMGR ‑ UID(*****TLC) READ(A) EXEC(A) ‑ UID(*) $KEY(TLC2BASE) STORED: 09/14/98‑16:10 BY: TLCISO ‑ UID(TL***TLC) READ(A) EXEC(A) $KEY(Z9999‑) STORED: 05/07/98‑13:52 BY: TLCISO ‑ UID(*) READ(A) WRITE(A) ALLOC(A) EXEC(A)
CA ACF2 for z/VM SECURITY ‑ ACFRPTRX ‑ LOGONID ACCESS REPORT ‑ PAGE 1 DATE 06/16/98 (98.168) TIME 10.59 INPUT PARAMETERS: RSRC LID(TLCJDT) TYPE(GRP) LINECNT(60) LID FILE PROCESSING COMPLETE, RECORDS SELECTED = 00001 RULE FILE PROCESSING COMPLETE, RECORDS SELECTED = 00049 ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ LID: TLCJDT UID: TLC99TLCTJD NAME: TIM DOODLE $KEY(TLC2BACK) TYPE(GRP) STORED: 02/27/98‑17:27 BY: TLCISO UID(TL***TLC) LOG $KEY(TLC2QRST) TYPE(GRP) STORED: 03/17/98‑18:29 BY: TLCISO UID(TL***TLC) LOG $KEY(DIRECTOR) TYPE(GRP) STORED: 09/14/98‑09:17 BY: TLCISO UID(*****TLC) ALLOW $KEY(DIRM2) TYPE(GRP) STORED: 11/02/98‑07:44 BY: TLCISO UID(*****TLC) LOG $KEY(TLCMNTP) TYPE(GRP) STORED: 05/05/98‑18:07 BY: TLCISO UID(*****TLC) ALLOW $KEY(VSCS) TYPE(GRP) STORED: 02/05/98‑18:06 BY: TLCISO UID(*****TLCJDT) ALLOW $KEY(SPORTMAN) TYPE(GRP) STORED: 11/23/97‑12:50 BY: TLCISO UID(*****TLC) ALLOW $KEY(TLCLTC) TYPE(GRP) STORED: 06/10/98‑17:15 BY: TLCOED UID(*****TLCJDT) ALLOW $KEY(TLCCSG) TYPE(GRP) STORED: 05/23/98‑16:34 BY: TLCISO UID(*****TLC) ALLOW
Fields in the two reports are explained below.
The parameters specified in the parameter field.
The number of logonid records processed.
The number of rules used for processing.
Parameters specified for input.
The logonid processed.
The user identification string of the logonid processed.
The value in the NAME field for the specified logonid.
The rule ID of the data access or resource rule set.
Date and time the rule was last stored. The date format depends on VMO records.
The logonid of the user who last stored the rule.
Value of the $MODE control card stored with the access rule. This line only appears if you specified a $MODE control statement in the rule set.
Value of the $NOSORT control card stored with the access rule. This line only appears if you specified $NOSORT in the rule set.
Value of the $PREFIX control card stored with the access rule. This line only appears if you specified $PREFIX in the rule set.
Value of the %CHANGE control card stored with the access rule. This line only appears if you specified %CHANGE in the rule set.
Value of the %RCHANGE control card stored with the access rule. This line only appears if you specified %RCHANGE in the rule set.
Each rule entry in the rule set that applies to the LID or UID processed. Possible fields that could appear in an access rule entry are:
dsn VOL(volmask) UID(uidmask) SHIFT(shift) UNTIL(date)|FOR(days) SOURCE(source) PGM(pgmname) READ(A|L|P) WRITE(A|L|P) EXEC(A|L|P) DATA(data) NEXTKEY(nextkey)
UID(uid) SHIFT(shift) SOURCE(source) UNTIL(date)|FOR(days) VERIFY ALLOW|LOG|PREVENT SERVICE(READ,ADD,UPDATE,DELETE) DATA(data)
Access reason codes are explained below. The term data set refers to OS data sets, VM minidisks, CMS files, DOS files, and attachable DASD devices.
The user has NON‑CNCL attribute in the logonid record.
The user’s logonid record PREFIX field matches the high‑level index for the data.
The logonid has the READALL attribute and is not cancellable as long as the data set is opened for input (read only). This code is valid only for data access processing.
The logonid is a scoped security officer. He has the SECURITY and DSNSCOPE or SCPLIST in his logonid record. The DSNSCOPE matches the high‑level index of the data.
The logonid is an unrestricted security officer. He has the SECURITY and no DSNSCOPE or SCPLIST in the logonid record.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|