Determining type of access and allowed via ACF2 SMF violation record for dataset and resource access
search cancel

Determining type of access and allowed via ACF2 SMF violation record for dataset and resource access


Article ID: 216530


Updated On:


ACF2 - z/OS


Generating dataset and resource violation reports from formatted SMF records.

What fields should be looked at to find access requested and access permissions.




Release : 16.0

Component : CA ACF2 for z/OS


For resource validations, these are the fields that provide requested access.
for resource validations in smf record ACFSMFVX inCAX1MAC0.

ACVMFLGS DS    X                       INPUT FLAGS             
ACVMFARD EQU   X'20'                   READ REQUEST            

ACVMFADD EQU   X'10'                   ADD REQUEST             
ACVMFDEL EQU   X'08'                   DELETE REQUEST          
ACVMFUPT EQU   X'04'                   UPDATE REQUEST          

ACVMFLG2 DS    X                       Information flag 3      
ACVMFAEX EQU   X'80'                   ...EXECUTE request      

These fields provide record type info for resource validations.
ACVMFTF  DS    X                       MODE FLAG                       
ACVMFTFT EQU   0                       TRACE RECORD         
ACVMFTFL EQU   1                       LOGGING RECORD                  
ACVMFTFV EQU   2                       VIOLATION RECORD         


The value of each bit in the referenced fields can be found in CAX1MAC0
Here are the relevant values....

example  A$SLAPPL value=82 - this means A$SLARD (x'80') plus A$SLAEX (x'02') = 82 = READ ALLOW and EXEC ALLOW

A$SLAPPL DS    XL1           ACCESS FLAGS        

A$SLARD  EQU   X'80'         READ ALLOW          
A$SLARDL EQU   X'40'         READ ALLOW - LOG    
A$SLAWT  EQU   X'20'         WRITE ALLOW         
A$SLAWTL EQU   X'10'         WRITE ALLOW- LOG    
A$SLAAL  EQU   X'08'         ALLOC ALLOW         
A$SLAALL EQU   X'04'         ALLOC ALLOW- LOG    
A$SLAEX  EQU   X'02'         EXEC ALLOW          
A$SLAEXL EQU   X'01'         EXEC ALLOW - LOG    

example A$SSPAC1 value = 0F - this means A$SSPAOU (x'0F')   = OUTPUT ACCESS requested     

A$SSPAC1 DS    XL1                 ACCESS FLAGS                  
         SPACE 1                                                 
A$SSPAIN EQU   X'00'               INPUT ACCESS                  
A$SSPARB EQU   X'01'               READBACK ACCESS               
A$SSPAIO EQU   X'03'               IN/OUT ACCESS                 
A$SSPAUP EQU   X'04'               UPDATE ACCESS                 
A$SSPAOI EQU   X'07'               OUT/IN ACCESS                 
A$SSPAOU EQU   X'0F'               OUTPUT ACCESS                 
A$SSPAEX EQU   X'70'               EXEC ONLY ACCESS