One way to perform lookups on ACF2 site defined fields

Technote (troubleshooting)


Problem(Abstract)

Presented is one way to be able to use the zSecure lookup function against ACF2 site defined fields.

Cause

Default lookups are in the ACF2 logonid database. A type=ACF2LID lookup assumes the basefield contains a logonid, and finds the value of the specified targetfield in the ACF2 database. The target fields supported are:

ACF2_UID (the UIDstring)
NAME
NON-CNCL
READALL
RESTRICT
SECURITY
STC


Resolving the problem

In order to be able to use lookup against ACF2 site defined fields, a file must be created first with the desired fields, then used after that for the lookup.


First the job to create the PASS1OUT file

//DELETE  EXEC PGM=IEFBR14                                  
//DD1       DD DSN=your.prefix.PASS1OUT,                        
//             UNIT=3390,                                  
//             SPACE=(TRK,0),                              
//             DISP=(MOD,DELETE)                            
//*                                                        
//RUN1    EXEC PGM=CKRCARLA                                
//STEPLIB   DD DISP=SHR,DSN=your.prefix.IBM.HCKR210.SCKRLOAD
//PASS1OUT  DD DISP=(NEW,CATLG),DSN=your.prefix.PASS1OUT,      
//             DSORG=PS,RECFM=FB,LRECL=80,SPACE=(TRK,(1,1))
//SYSPRINT  DD SYSOUT=*                                    
//SYSIN     DD *                                            
alloc active                                                
option f=PASS1OUT nopage                                    
newlist type=ACF2_LID                                      
  sortlist LID(8) AGROUP(firstonly,8) SPECIAL(3)            
/*

In our sample, 2 user fields are defined in the ACF2_LID, AGROUP and SPECIAL.
The PASS1OUT file now contains all logon-ids with their AGROUP and SPECIAL field, like this:

CRMBER3  CRMB        
CRMBFT1  SYSPROG  Yes
CRMBFT2  CRMB        
CRMBGUS  CRMB     Yes
CRMBHJ1  SYSPROG  Yes
CRMBMAR  SYSPROG  Yes
CRMBMC1  CRMB        
CRMBMH1  CRMB        

The following job now selects all SMF records for users that have the value 'SYS1' in the AGROUP field.

//RUN2    EXEC PGM=CKRCARLA                                    
//STEPLIB   DD DISP=SHR,DSN=your.prefix.IBM.HCKR210.SCKRLOAD    
//SYSPRINT  DD SYSOUT=*                                        
//DEF$TYPE  DD DISP=SHR,DSN=your.prefix.PASS1OUT                    
//SYSIN     DD *                                                
alloc   active smf                                              
deftype type=$lid                                              
alloc   type=$lid dd=DEF$TYPE                                  
define  type=$lid lid(8)     as substr(record,1,8)              
define  type=$lid agroup(8)  as substr(record,10,8)            
define  type=$lid special(8) as substr(record,19,3)            
n type=smf nodup                                                
  s exists(acf2_subtype) user:$lid.lid.agroup='SYS1'            
  sortlist user user:$lid.lid.agroup(8) user:$lid.lid.special(3)
/*                                                              

Output is:
S M F   R E C O R D   L I S T I N G   21Sep13 07:00 to 21Sep13 10:36
                                                                   
User     AGROUP   SPE                                              
ACFSTCID SYS1                                                      
RMFGAT   SYS1                                                      
SCHEDULE SYS1                                                      

To use the example above to use lookup in zSecure Alert:

- run sample JCL RUN1 (shown above)
- add the define statements to your.prefix.C2PCUST(C2PXDEF1):

deftype type=$lid                                              
alloc   type=$lid dd=DEF$TYPE                                  
define  type=$lid lid(8)     as substr(record,1,8)              
define  type=$lid agroup(8)  as substr(record,10,8)            
define  type=$lid special(8) as substr(record,19,3)

You should then be able to use something like this in your Alert:
select user:$lid.lid.agroup='SYS1'

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security zSecure Alert for ACF2
zSecure Alert for ACF2

Software version:

1.11, 1.12, 1.13.0, 1.13.1, 2.1

Operating system(s):

z/OS

Software edition:

Enterprise

Reference #:

1403029

Modified date:

2014-01-28

Translate my page

Machine Translation

Content navigation