Technote (troubleshooting)
Problem(Abstract)
There is a need to report job submissions where the submittor is not the executing userid when running zSecure CARLa reports.
Resolving the problem
This is possible with a simple CARLa.
This SELECT statement selects all events where the submitting user (utoken_suser) differs from the executing userid that's used in the job card:
newlist type=smf
select type=80 utoken_suser<<>>userid exists(utoken_suser)
sortlist date time userid utoken_suser utoken_flags recorddesc
The output could look similar to:
S M F R E C O R D L I S T I N G 22Nov06 09:06 to 22Nov06 09:36
Date Time User Sub user Utoken flags Description
22 Nov 2006 09:06 PMIOPER CRMBTZ1 S RACF ACCESS success for PMIOPER
22 Nov 2006 09:06 PMIOPER CRMBTZ1 S RACF ACCESS success for PMIOPER
22 Nov 2006 09:08 PMIOPER CRMBTZ1 S RACF ACCESS success for PMIOPER
22 Nov 2006 09:08 PMIOPER CRMBTZ1 S RACF ACCESS success for PMIOPER
22 Nov 2006 09:11 CRMBTZ3 CRMBTZ1 S RACF RACINIT violation for CRMB
22 Nov 2006 09:25 CRMBTZ3 CRMBTZ1 S RACF RACINIT violation for CRMB
22 Nov 2006 09:32 CRMBTZ3 CRMBTZ1 S RACF RACINIT violation for CRMB
22 Nov 2006 09:36 CRMBTZ3 CRMBTZ1 RACF ACCESS violation for CRMBT
The column "Utoken flags" contains an "S" if surrogate access was used.
If column "Utoken flags" is empty this indicates that the job card contained both a valid USER= and the correct PASSWORD= parameters.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.