10. MODIFICATION › 10.5 A Case Study Using RACF and DMS/OS Data › 10.5.1 Extract RACF and DMS/OS Data
10.5.1 Extract RACF and DMS/OS Data
The first step in this process involves extending the data
collection function of VCC to extract data from the RACF
database which can provide the departmental account code
associated with a given data set (either non-VSAM or VSAM).
The mechanism for this is the VCCUEXIT, which is called by
the VCCVTOC module for each format 1 DSCB found in the VTOC.
In the example that follows, we have also included the
extraction of some data added to the format 1 DSCB by the
Sterling Software product DMS/OS. The offsets into the
format 1 DSCB are the default locations in Release 8.0 of
DMS/OS according to our mutual clients. You must verify that
your configuration of DMS/OS matches this; make the
appropriate changes or delete the references pertaining to
DMS/OS fields.
RACF examples are based on Release 1.8.1 of RACF. For a
full discussion of VCCUEXIT, please refer to the VCC User
Guide.
The aim of this exit is to extract the installation data
(INSTDATA) that has been established for a RACF group
profile. RACF and equivalent products set aside INSTDATA
for use by the organization implementing the security
environment. Naturally, our example here can only aim at
giving you a view of one implementation and you will have
to adapt this code to your own rules.
VCCUEXIT TITLE '*---------- SAMPLE VCCUEXIT USER EXIT ----------*' MICS04
MACRO 00020000
&LABEL RACF1 00030000
&LABEL RACROUTE REQUEST=AUTH, X00040000
RELEASE=1.8.1, X00050000
ENTITY=(DUMMY,PRIVATE), X00060000
CLASS='DATASET', X00070000
VOLSER=DUMMY, X00080000
WORKA=DUMMY, X00090000
RACFIND=NO, X00100000
ATTR=READ, X00110000
MF=L 00120000
MEND 00130000
* 00140000
MACRO 00150000
&LABEL RACF2 00160000
&LABEL RACROUTE REQUEST=EXTRACT, X00170000
TYPE=EXTRACT, X00180000
RELEASE=1.8.1, X00190000
CLASS='DATASET', X00200000
FIELDS=FLDLIST, X00210000
DERIVE=YES, X00220000
GENERIC=YES, X00230000
ENTITY=DUMMY, X00240000
MF=L 00250000
MEND 00260000
VCCUEXIT VCCINIT FIXLIST=(VCC4300, X00270000
), X00280000
VERSION=200, X00290000
GENOPT=GEN 00300000
LR R11,R7 MOVE DSCB ADDR. 00310000
USING IECSDSL1,R11 FORMAT 1 BASE REG. 00320000
LR R10,R1 MOVE VTCWA ADDR. 00330000
USING VTCWA,R10 VTOC WORK AREA BASE 00340000
SPLEVEL SET=1 SET SPLEVEL TO 370 LEVEL 00350000
********************************************************* 00360000
* IF YOU WANT TO ESTABLISH A NEW SAVE AREA, A SAVE AREA * 00370000
* HAS BEEN PROVIDED FOR YOU IN THE VTCWA. USE THE * 00380000
* FOLLOWING CODE AS AN EXAMPLE OF HOW TO DO THIS. DO * 00390000
* NOT GETMAIN A NEW SAVE AREA. * 00400000
* * 00410000
* FOR A REENTRANT WORKAREA, YOU CAN USE THE AREA * 00420000
* DEFINED UNDER THE 'SUSRDSCT'. YOU WILL HAVE ADDRESS- * 00430000
* ABILITY UNDER THE SAME BASE REGISTER USED TO BUILD * 00440000
* DATA IN THE USER SEGMENT. THE ACTUAL GETMAINED AREA * 00450000
* IS MAPPED AT THE END OF THE VCCVTOC WORKAREA IN A * 00460000
* RECORD CONSTRUCTION AREA OF 4096 BYTES. YOU WILL BE * 00470000
* ABLE TO USE 4096 BYTES MINUS THE SIZE OF THE RECORD * 00480000
* PASSED TO THIS EXIT FOR MODIFICATION. * 00490000
********************************************************* 00500000
LA R3,VTCWUSVE USER EXIT SAVE AREA 00510000
ST R13,4(,R3) CHAIN SAVE 00520000
ST R3,8(,R13) AREAS. 00530000
LR R13,R3 NEW SAVE AREA. 00540000
LA R9,VTCWRECD POINT TO SMF RECORD 00550000
USING SBASDSCT,R9 BASE SEGMENT BASE REG. 00560000
LH R4,SBASRDW - CURRENT RECORD LENGTH 00570000
N R4,=X'FFFFFFFC' - ENSURE FULLWORD ORIGIN 00580000
LA R5,SUSRLEN - LENGTH OF THE USER SEG. 00590000
STCM R5,3,SBASUSRL - USER SEGMENT LENGTH 00600000
AR R5,R4 - NEW RECORD LENGTH 00610000
STH R5,SBASRDW - RESET SMF RECORD LENGTH 00620000
S R4,=F'4' - OFFSET OF USER SEGMENT 00630000
* (SEGMENT OFFSETS DO NOT 00640000
* INCLUDE THE FOUR BYTES 00650000
* OF THE RDW FOR SAS). 00660000
STCM R4,3,SBASUSRS - USER SEGMENT OFFSET 00670000
LA R4,4(R9,R4) - FIND ADDRESS OF USER 00680000
* SEGMENT 00690000
USING SUSRDSCT,R4 - USER SEG. BASE REG. 00700000
MVC SBASUSR#,=AL2(1) - ONLY ONE USER SEGMENT 00710000
* 00720000
* BUILD USER SEGMENT FIELDS 00730000
* 00740000
* 00750000
*------------------------------------------------------------------* 00760000
* EXTRACT FIELDS ADDED TO FORMAT-1 DSCB BY DMS/OS * 00770000
*------------------------------------------------------------------* 00780000
MVC SUSRCJOB(5),IECSDSL1+70 GET CREATING JOBNAME (1ST 5) 00790000
MVC SUSRCJOB+5(3),IECSDSL1+45 (LAST 3 BYTES OF JOBNAME) 00800000
MVC SUSRUJOB,IECSDSL1+62 GET LAST UPDATING JOB (ALL 8) 00810000
MVC SUSRUDAT,IECSDSL1+48 DATE LAST UPDATED 00820000
*------------------------------------------------------------------* 00830000
* CALL RACF TO GET THE GENERIC PROFILE BASED ON COMPLETE DSNAME * 00840000
*------------------------------------------------------------------* 00850000
MVC RACHECKW(RACHECKL),RACHECKX LIST FORM TO WORKAREA 00860000
RACROUTE REQUEST=AUTH, X00870000
RELEASE=1.8.1, X00880000
ENTITY=(DS1DSNAM,PRIVATE), X00890000
WORKA=RACFWORK, X00900000
RACFIND=NO, X00910000
MF=(E,RACHECKW) 00920000
LTR R15,R15 TEST RETURN CODE 00930000
BZ MORERACF 0 - CONTINUE WITH MORE EXTRACTION 00940000
CH R15,=H'8' Q. GENERIC PROFILE FOUND ? 00950000
BNE SETDEF ..NO. GO SET DEFAULTS AND EXIT 00960000
MORERACF DS 0H YES..CONTINUE 00970000
*------------------------------------------------------------------* 00980000
* CALL RACF TO GET INSTALLATION DATA BASED ON THE GENERIC PROFILE * 00990000
*------------------------------------------------------------------* 01000000
LA R8,4(,R1) -> GENERIC PROFILE 01010000
MVC RACXTRTW(RACXTRTL),RACXTRTX LIST FORM TO WORKAREA 01020000
RACROUTE REQUEST=EXTRACT, X01030000
TYPE=EXTRACT, X01040000
RELEASE=1.8.1, X01050000
FIELDS=FLDLIST, X01060000
DERIVE=YES, X01070000
GENERIC=YES, X01080000
WORKA=RACFWORK, X01090000
ENTITY=(R8), X01100000
MF=(E,RACXTRTW) 01110000
LTR R15,R15 TEST RETURN CODE 01120000
BNZ SETDEF GO SET DEFAULTS AND EXIT 01130000
LH R5,4(,R1) GET OFFSET LENGTH 01140000
AR R5,R1 -> INSTALLATION DATA 01150000
CLI 0(R5),0 Q. TEST FOR NO INSTALLATION DATA 01160000
BE EXIT ..NO INSTALLATION DATA A 01170000
MVC ACCTNO,4(5) EXTRACT ACCOUNT CODE FROM RACF 01180000
CLI ACCTNO,0 Q. SIMPLE TEST FOR VALIDITY 01190000
BNE OK1 ..VALID...CONTINUE 01200000
MVC ACCTNO,=CL8'*RACFERR' FOR LATER TESTING BY CA MICS 01210000
B EXIT PROCEED TO EXIT 01220000
OK1 DS 0H 01230000
CLC ACCTNO,=8CL1'00' Q. IS THERE AN ACCOUNT NUMBER 01240000
BNE EXIT ..YES....EXIT 01250000
SETDEF DS 0H (ALSO) BRANCH ENTER IF NO PROFILE 01260000
EXIT DS 0H (ALSO) BRANCH ENTER IF NO PROFILE 01270000
MVC ACCTNO,=8CL1'*' SET DEFAULT FOR TESTING BY CA MICS 01280000
L R13,4(,R13) -> SAVEAREA PROVIDED AT ENTRY 01290000
LM R14,R12,12(R13) RESTORE REGS AT ENTRY 01300000
BR R14 RETURN TO VCCVTOC 01310000
LTORG 01320000
*-----------------------------------------------------------------* 01330000
* CONSTANT AREA USED BY THIS CSECT * 01340000
*-----------------------------------------------------------------* 01350000
FLDLIST DC A(1) 01360000
DC CL8'INSTDATA' 01370000
RACHECKX RACF1 01380000
RACHECKL EQU *-RACHECKX LIST LENGTH FOR MOVE TO WORKAREA 01390000
DUMMY DS 0H EXECUTE FORM OF MACRO OVERRIDES 01400000
RACXTRTX RACF2 01410000
RACXTRTL EQU *-RACXTRTX LIST LENGTH FOR MOVE TO WORKAREA 01420000
SPACE 3 01430000
SUSRDSCT DSECT USER SEGMENT 01440000
SUSRCJOB DS CL8 CREATING JOBNAME 01450000
SUSRUJOB DS CL8 LAST UPDATING JOBNAME 01460000
SUSRUDAT DS XL3 DATE OF LAST UPDATE YY.DD.DD 01470000
SUSRACCT DS CL8 ACCOUNT NUMBER FROM RACF INSTDATA 01480000
ACCTNO EQU SUSRACCT ALIAS NAME FOR ACCOUNT NUMBER 01490000
SUSRLEN EQU *-SUSRDSCT LENGTH OF USER SEGMENT 01500000
SPACE 1 01510000
RACHECKW RACF1 SHELL FOR RACHECK MOVED HERE 01520000
RACXTRTW RACF2 SHELL FOR RACXTRT MOVED HERE 01530000
SPACE 2 01540000
DS 0D 01550000
RACFWORK DS CL512 WORKA ADDRESS FOR RACROUTE 01560000
TITLE 'DSECTS NEEDED BY VCCUEXIT' 01570000
DSCB1 DSECT 01580000
IECSDSL1 1 FORMAT 1 DSCB 01590000
PUSH PRINT 01600000
PRINT NOGEN 01610000
IEZDEB LIST=NO DEB NEEDED BY VCCVTCWA MACRO 01620000
POP PRINT 01630000
VCCVTCWA SAVEAREA/WORKAREA OF VCCVTOC TASK 01640000
VCCCNTWA GLOBAL WORKAREA OF VCCNTRL 01650000
VCCRCORD LAYOUT OF VCC RECORDS 01660000
ICHSAFP 01670000
END VCCUEXIT 01680000
Figure 10-1. Sample VCCUEXIT for RACF and DMS/OS
Copyright © 2014 CA.
All rights reserved.
|
|