Previous Topic: ParametersNext Topic: Security Macro JCL

DISPLAY/PUNCH ALL Syntax for Security DefinitionsUsing DISPLAY/PUNCH ALL SyntaxUsage

Usage

Output Contains Only Enough Information to Display/Punch Entity

Output produced by DISPLAY or PUNCH ALL consists only of the information necessary to execute a DISPLAY/PUNCH request for each entity occurrence. For example, Resource DMCL occurrences are displayed with their name, and AREA occurrences with their fully qualified name (that is, segmentname.areaname). In an online session, the user can execute the displayed statements by pressing [Enter]. This two-step process allows the user to scan the names of entity occurrences related to the database in which the statement is issued.

Valid Entity Types and Option Keywords for Conditional Expressions

The following table lists valid entity types and keywords that you can specify as entity-type and entity-option-keyword in the DISPLAY ALL and PUNCH ALL syntax.

Entity type

Entity-option keyword

Selects based on

All Security components

 

 

 

 

NAMe

FULl NAMe

RESource NAMe

 

CREated by

PREpared by

LASt UPDated by

 

REVised by

 

DATe last UPDated

 

MONth last UPDated

DAY last UPDated

YEAr last UPDated

DATe CREated

 

MONth CREated

DAY CREated

YEAr CREated

Unqualified Name (1)

Qualified Name (1)

Unqualified Name

(Resources only) (1)

User who created occurrence

User who created occurrence

User who last updated

occurrence

User who last updated

occurrence

Date (MM/DD/YY) occurrence

last updated

Month occurrence last updated

Day occurrence last updated

Year occurrence last updated

Date (MM/DD/YY) occurrences

created

Month occurrence created

Day occurrence created

Year occurrence created

.tabreak

Global Security components

GROups

GROup name

STAtus

Name (ID) of Group

Status of GROUP

(ACTIVE, INACTIVE,

LOGICALLY DELETED)

USErs

USEr name

STAtus

 

 

FULl NAMe

PROfile

Name (ID) of User

Status of USER

(ACTIVE, INACTIVE,

LOGICALLY DELETED)

Full Name of User

Profile assigned to User

USEr PROfiles

USEr PROfile name

PROfile name

Profile Name

Profile Name

Physical Database Security components

RESource AREas

resource AREa NAMe

SEGment name

Unqualified AREA name (1)

Area's segment name

RESource DBs

resource DB NAMe

Name of Database

RESource

DBTables

resource DBTable NAMe

Name of DBTable

RESource DMCls

resource DMCL NAMe

Name of DMCL

RESource NONsql

SCHEmas

resource NONSQL

SCHEma NAME

Name of NON SQL Schema

SQL Security Components

RESource ACCess

MODules

or

RESource AMS

resource ACCess

MODule NAMe

resource AM NAMe

 

AM NAMe

 

SCHema name

Unqualified Name of

Access Module (1)

Unqualified Name of

Access Module (1)

Unqualified Name of

Access Module (1)

Schema Name of Access Module

RESource SCHemas

resource SCHema NAMe

Name of SQL Schema

RESource TABles

resource TABle NAMe

SCHema NAMe

Unqualified Name of Table (1)

Schema Name of Table

System Security Components

RESource

ACTivities

resource ACTivity name

NUMber

Name of Activity

Activity Number

RESource

CATegories

resource CATegory NAMe

NUMber

Name of Category

Category Number

RESource SYStems

resource SYStem NAMe

Name of System

SYStem PROfiles

system PROfile NAMe

Profile Name

The following Resource Category Components can be selected using the specified entity-option keyword (in addition to those specified in the preceding Resource Categories).

RESource CATegory

ACCess MODules

or

RESource CATegory

AMS

ACCess MODule name

 

DICTName

DICtionary name

SCHema name

Unqualified Access Module

Name (1)

Dictionary Name

Dictionary Name

SQL Schema Name

RESource

category

LOAd MODules

LOAd MODule name

 

DICTName

DICtionary name

Version

Unqualified Load Module

Name (1)

Dictionary Name

Dictionary Name

Version Number

(in Vnnnn format)

RESource

category

PROgrams

PROgram name

FILe name

Version

Unqualified Program name

File Name (CDMSLIB)

Version Number

(in Vnnnn format)

RESource

category

QUEues

QUEue name

Name of Queue

RESource

category

RUNunits

RUNunit name

DATabase NAMe

DBName

SUBschema name

PROgram name

Unqualified Rununit name (1)

Database Name

Database Name

Subschema Name

Program Name

RESource

category

TASks

TASk name

Name of task

 

(1) Unqualified name selections are based on the primary name of the entity occurrence only. To select based on the fully qualified occurrence name, token FULL NAME must be specified. Security components with qualified names are specified in the following table.

Fully Qualified Names of Security Components

The fully qualified names of security components are listed in the following table.

Resource

Fully qualified name

ACCESS MODULE

schema-name.access-module-name

AREA

segment-name.area-name

TABLE

schema-name.table-name

CATEGORY ACCESS MODULE

dictname.schema-name. access-module-name

CATEGORY LOAD MODULE

dictname.Vnnnn.load-module-name

CATEGORY RUNUNIT

dbname.subschema-name.program-name

CATEGORY PROGRAM

CDMSLIB.program-name or Vnnnn.program-name

For all other security components, unqualified and qualified names are the same.

Date and Year 2000 support

You can use date selection criteria and year 2000 support in DISPLAY/PUNCH ALL statements to display security entities.

You implement date selection criteria in these WHERE clause options:

You can specify the date as a value-comparison string in the form 'MM/DD/YY' in the right side of the conditional expression. CA IDMS extracts it in CCYYMMDD form to accurately determine the relationship of dates. For example, this DISPLAY ALL statement:

DISPLAY ALL USERS WHERE DATE CREATED > '01/01/96';

establishes a search criteria to identify the USERS whose DATE CREATED values are greater than the specified string. The DISPLAY ALL process determines that the date '01/01/96' is greater than the date '12/31/95'.

Alternatively, you may specify the value-comparison string on either side of the conditional expression in the form 'CCYYMMDD' to achieve the same results.

You can also substitute day, month, or year for each of these WHERE clause options. For example, this DISPLAY ALL statement specifies a search condition that is based on month and year:

DISPLAY ALL RESOURCE AREAS
   WHERE MONTH CREATED = '01'
   AND YEAR CREATED > '95';

Default Order of Precedence Applied to Logical Operators

Conditional expressions can contain a single condition, or two or more conditions combined with the logical operators AND or OR. The logical operator NOT specifies the opposite of the condition. The command facility evaluates operators in a conditional expression one at a time, from left to right, in order of precedence. The default order of precedence is as follows:

If parentheses are used to override the default order of precedence, the command facility evaluates the expression within the innermost parentheses first.

The following examples show sample DISPLAY statements for security definitions.

DISPLAY ALL GROUPS WHERE STATUS IS 'ACTIVE'

                   OCF rr.r IDMS  PAGE 1 LINE 1  DICT=SYSTEM       1/8 cv-name
DISPLAY ALL GROUPS WHERE STATUS IS 'ACTIVE';
*+ Status = 0        SQLSTATE = 00000
*+   DISPLAY GROUP "TESTGROUP" ;
*+   DISPLAY GROUP "PUBLIC" ;
*+   DISPLAY GROUP "MIS" ;
*+   DISPLAY GROUP "HR" ;
*+   DISPLAY GROUP "ACCOUNTING" ;
*+ I DC601157  NO MORE ENTITY OCCURRENCES FOUND                         WORD  1

DISPLAY ALL USERS WHERE USER NAME MATCHES 'SP'

                   OCF rr.r IDMS  PAGE 1 LINE 1  DICT=SYSTEM       1/5 cv-name
DISPLAY ALL USERS WHERE USER NAME MATCHES 'SP'
*+ Status = 0        SQLSTATE = 00000
*+   DISPLAY USER "SPILL01" ;
*+   DISPLAY USER "SPANL01" ;
*+ I DC601157  NO MORE ENTITY OCCURRENCES FOUND                         WORD  1