I've been asked by auditors to provide a "system generated list" (ie, a query) of all users with administrative access.
I know people with administrative access have the $DD-ADM profile.
Can you help me with a DataQuery query or some command that will list PERSONS with the $DD-ADM profile.
See below two ways to get the result via Data Query or DDUTILTY:
The following Data Query SYSIN should do it:
Continuation "+" in column 72
----+----1----+----2----+----3----+----4----+----5----+----6----+----7--
//SYSIN DD *
SIGN-ON DATACOM-INSTALL PASSWORD NEWUSER
OPTION QUERYLANG=DQL
FIND RELATIONSHIP RELATED BY SUBJ-OCC-NAME VIA ENTITY-NAME TO PERSON +
WITH PERSON.ENTITY-VER = RELATIONSHIP.SUBJ-VRS-NUM +
AND PERSON.STATUS NOT = 'H' +
AND RELATIONSHIP.ENTITY-NAME = 'PER-ATZ-AUTH' +
AND RELATIONSHIP.OBJ-OCC-NAME = '$DD-ADM' +
SORT RELATIONSHIP SUBJ-OCC-NAME OBJ-OCC-NAME +
PRINT FROM RELATIONSHIP SUBJ-OCC-NAME 'USER NAME' +
OBJ-OCC-NAME 'AUTHORIZATION'
EXECUTE *
or
The following DDUTILTY SYSIN should do it as well:
//SYSIN DD *
+USR DATACOM-INSTALL,NEWUSER
-DEF PATH,PERATZ
-DEF TRACE,AUTHORIZATION.PERSON,PER-ATZ-AUTH
-END
-RPT START,AUTHORIZATION,$DD-ADM(PROD,PRIV),PERATZ
-RPT INDEX
-END
/*