book
Article ID: 131145
calendar_today
Updated On:
Issue/Introduction
The client found that their security was allowing for reports to be deleted, and sees that the reason could be because there are differences in the security that they have on different systems.
Resolution
Per the client's SARSTCUX01 messages, all 3 reports were collected to View.
All 3 reports should be in the same generation, as the client's View backup ran after the reports were collected.
As only one report, and not all 3, appear in the Sysout Selection listing, it is believed that someone had deleted the other 2 reports.
With SARINIT SMFTYPE=000, the client did not have the View Metrics in use, which could identify who had deleted the reports.
With SARINIT DELETE=YES, the client was permitting end-users to delete reports using the View online.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
To track report activity by end-users, it is suggested to use the View Metrics.
By enacting Metrics, with a SMFTYPE=nnn (128 to 255), View generates SMF records, including for deleted reports.
The View Metrics Delete report shows who deleted what reports and when.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
With a change to SARINIT DELETE=NO, everyone is prevented from deleting reports using the View online (other than what is allowed in external security).
However, even with DELETE=NO, deleting can still take place using batch SARBCH /DELETE.
The client used a modified SARSECUX module.
They used program source taken from CVDEOPTN(SARSECU1), which allows for the use of pseudo-dataset rules.
In one system, where the security worked, in the SARSECUX exit, the client was moving the MCRSECID field to SECID.
In the system where the security was not working, the SARSECUX program was moving field CPLVID to SECID.
The client changed the other SARSECUX program to move field MCRSECID to SECID, and the other security then worked as desired.