How do you run the ACFRPTJL-Restricted Logonid Job Log in batch? Is there sample JCL?
search cancel

How do you run the ACFRPTJL-Restricted Logonid Job Log in batch? Is there sample JCL?

book

Article ID: 26448

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

How do you run the ACFRPTJL-Restricted Logonid Job Log in batch? Is there sample JCL?

 

 

 

Environment

Release:
Component: ACF2MS

Resolution

The ACFRPTJL utility lists all system accesses by logonids with the RESTRICT attribute.

CA-ACF2 provides a sample report named REPORTS in ACF2.SAMPJCL - this JCL will run ACFRPTPP (preprocessor) and then many of the standard report programs including the ACFRPTJL. It does not provide simple JCL to only run one report program.

The ACFRPTJL report parameters can be specified using one of these methods:
The PARM parameter of the EXEC statement in the JCL or SYSIN input statements.

 

Answer:

The ACFRPTJL report utility produces a report from SMF of all system accesses by logonids with the RESTRICT attribute. The RESTRICT attribute indicates that the logonid does not have an associated password. Since these logonids are intended primarily for use by production jobs, their use must be carefully controlled. Since the ACF2 default logonid is defined with the RESTRICT attribute, this log includes a summary of its usage.

The report produced by ACFRPTJL indicates the path of submission for jobs using a restricted logonid. This is important since logonids with the RESTRICT attribute (except for the default logonid) are setup with restrictions to control it's use. Restrictions include the following logonid fields:

  • PROGRAM(pgm_name): specifies that this logonid can only be used when JOBS are submitted by this program.

  • SUBAUTH specifies that this logonid can only used when JOBS are submitted by an authorized program.

  • SOURCE(sourceid) Specifies the one- to eight-character logical or physical input source name or source group name from which this logonid must access the system.

The ACFRPTJL report uses standard CA-ACF2 report JCL like the following two batch submission examples:

Example 1 Using PARM statement for report parameters.

 //REPORT  EXEC PGM=ACFRPTJL,PARM=('TITLE(SAMPLE ACFRPTJL)',  
 //       'TIME(H),MASK(S*******)')                       
 //SYSPRINT DD SYSOUT=*                                       
 //* THE FOLLOWING DDS SHOULD POINT TO THE SMF DATASETS       
 //RECMAN1  DD DISP=SHR,DSN=SYS1.MAN1                
 //RECMAN2  DD DISP=SHR,DSN=SYS1.MAN2                         
 //RECMAN3  DD DISP=SHR,DSN=SYS1.MAN3                         
 //*

Example 2 Using SYSIN file for report parameters.

 //REPORT  EXEC PGM=ACFRPTJL             
 //SYSPRINT DD SYSOUT=*                                    
 //* THE FOLLOWING DDS SHOULD POINT TO THE SMF DATASETS    
 //RECMAN1  DD DISP=SHR,DSN=SYS1.MAN1      
 //RECMAN2  DD DISP=SHR,DSN=SYS1.MAN2                      
 //RECMAN3  DD DISP=SHR,DSN=SYS1.MAN3       
 //SYSIN    DD   *                                         
 TITLE(SAMPLE ACFRPTJL)     
 TIME(H)                                                   
 MASK(S*******)                                            
 //

DD statements

RECxxxxx

These ddnames identify the files containing the input SMF records. ACFRPTJL accepts one SMF input file per ddname. Do not concatenate SMF input files.

SYSPRINT

ACFRPTJL uses the SYSPRINT file for message and summary report output.

Details on the ACFRPTJL report and all applicable parameters can be found in "Chapter 7: ACFRPTJL-Restricted Logonid Job Log" of the CA-ACF2 Report and Utilities Guide.

Powered by Wolken Software