search cancel

Determining type of access and allowed via ACF2 SMF violation record for dataset and resource access

book

Article ID: 216530

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Generating dataset and resource violation reports from formatted SMF records.

What fields should be looked at to find access requested and access permissions.

 

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

For resource validations, these are the fields that provide requested access.
for resource validations in smf record ACFSMFVX inCAX1MAC0.

ACVMFLGS DS    X                       INPUT FLAGS             
ACVMFARD EQU   X'20'                   READ REQUEST            

ACVMFADD EQU   X'10'                   ADD REQUEST             
ACVMFDEL EQU   X'08'                   DELETE REQUEST          
ACVMFUPT EQU   X'04'                   UPDATE REQUEST          

*                                                              
ACVMFLG2 DS    X                       Information flag 3      
ACVMFAEX EQU   X'80'                   ...EXECUTE request      

These fields provide record type info for resource validations.
ACVMFTF  DS    X                       MODE FLAG                       
ACVMFTFT EQU   0                       TRACE RECORD         
ACVMFTFL EQU   1                       LOGGING RECORD                  
ACVMFTFV EQU   2                       VIOLATION RECORD         

                                                                       

The value of each bit in the referenced fields can be found in CAX1MAC0
member ACFSMFDX
Here are the relevant values....

example  A$SLAPPL value=82 - this means A$SLARD (x'80') plus A$SLAEX (x'02') = 82 = READ ALLOW and EXEC ALLOW

A$SLAPPL DS    XL1           ACCESS FLAGS        

A$SLARD  EQU   X'80'         READ ALLOW          
A$SLARDL EQU   X'40'         READ ALLOW - LOG    
A$SLAWT  EQU   X'20'         WRITE ALLOW         
A$SLAWTL EQU   X'10'         WRITE ALLOW- LOG    
A$SLAAL  EQU   X'08'         ALLOC ALLOW         
A$SLAALL EQU   X'04'         ALLOC ALLOW- LOG    
A$SLAEX  EQU   X'02'         EXEC ALLOW          
A$SLAEXL EQU   X'01'         EXEC ALLOW - LOG    

example A$SSPAC1 value = 0F - this means A$SSPAOU (x'0F')   = OUTPUT ACCESS requested     

A$SSPAC1 DS    XL1                 ACCESS FLAGS                  
         SPACE 1                                                 
A$SSPAIN EQU   X'00'               INPUT ACCESS                  
A$SSPARB EQU   X'01'               READBACK ACCESS               
A$SSPAIO EQU   X'03'               IN/OUT ACCESS                 
A$SSPAUP EQU   X'04'               UPDATE ACCESS                 
A$SSPAOI EQU   X'07'               OUT/IN ACCESS                 
A$SSPAOU EQU   X'0F'               OUTPUT ACCESS                 
A$SSPAEX EQU   X'70'               EXEC ONLY ACCESS