Technote (troubleshooting)
Problem(Abstract)
Presented is one way to be able to use the zSecure lookup function against ACF2 site defined fields.
Cause
Default lookups are in the ACF2 logonid database. A type=ACF2LID lookup assumes the basefield contains a logonid, and finds the value of the specified targetfield in the ACF2 database. The target fields supported are:
ACF2_UID (the UIDstring)
NAME
NON-CNCL
READALL
RESTRICT
SECURITY
STC
Resolving the problem
In order to be able to use lookup against ACF2 site defined fields, a file must be created first with the desired fields, then used after that for the lookup.
First the job to create the PASS1OUT file
//DELETE EXEC PGM=IEFBR14
//DD1 DD DSN=your.prefix.PASS1OUT,
// UNIT=3390,
// SPACE=(TRK,0),
// DISP=(MOD,DELETE)
//*
//RUN1 EXEC PGM=CKRCARLA
//STEPLIB DD DISP=SHR,DSN=your.prefix.IBM.HCKR1D0.SCKRLOAD
//PASS1OUT DD DISP=(NEW,CATLG),DSN=your.prefix.PASS1OUT,
// DSORG=PS,RECFM=FB,LRECL=80,SPACE=(TRK,(1,1))
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
alloc active
option f=PASS1OUT nopage
newlist type=ACF2_LID
sortlist LID(8) AGROUP(firstonly,8) SPECIAL(3)
/*
In our sample, 2 user fields are defined in the ACF2_LID, AGROUP and SPECIAL.
The PASS1OUT file now contains all logon-ids with their AGROUP and SPECIAL field, like this:
CRMBER3 CRMB
CRMBFT1 SYSPROG Yes
CRMBFT2 CRMB
CRMBGUS CRMB Yes
CRMBHJ1 SYSPROG Yes
CRMBMAR SYSPROG Yes
CRMBMC1 CRMB
CRMBMH1 CRMB
The following job now selects all SMF records for users that have the value 'SYS1' in the AGROUP field.
//RUN2 EXEC PGM=CKRCARLA
//STEPLIB DD DISP=SHR,DSN=your.prefix.IBM.HCKR1D0.SCKRLOAD
//SYSPRINT DD SYSOUT=*
//DEF$TYPE DD DISP=SHR,DSN=your.prefix.PASS1OUT
//SYSIN DD *
alloc active smf
deftype type=$lid
alloc type=$lid dd=DEF$TYPE
define type=$lid lid(8) as substr(record,1,8)
define type=$lid agroup(8) as substr(record,10,8)
define type=$lid special(8) as substr(record,19,3)
n type=smf nodup
s exists(acf2_subtype) user:$lid.lid.agroup='SYS1'
sortlist user user:$lid.lid.agroup(8) user:$lid.lid.special(3)
/*
Output is:
S M F R E C O R D L I S T I N G 21Sep11 07:00 to 21Sep11 10:36
User AGROUP SPE
ACFSTCID SYS1
RMFGAT SYS1
SCHEDULE SYS1
To use the example above to use lookup in zSecure Alert:
- run sample JCL RUN1 (shown above)
- add the define statements to your.prefix.C2PCUST(C2PXDEF1):
deftype type=$lid
alloc type=$lid dd=DEF$TYPE
define type=$lid lid(8) as substr(record,1,8)
define type=$lid agroup(8) as substr(record,10,8)
define type=$lid special(8) as substr(record,19,3)
You should then be able to use something like this in your Alert:
select user:$lid.lid.agroup='SYS1'
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Security | Tivoli zSecure Audit for ACF2 | 1.10, 1.11 | Enterprise |
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.