Can you provide sample ACF2 Compliance Information Analysis(CIA) CIARPT04 report input and output?
Article ID: 47993
Updated On:
Products
ACF2
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
PanApt
PanAudit
Issue/Introduction
Can you provide sample ACF2 Compliance Information Analysis(CIA) CIARPT04 report input and output?
Environment
Release: ACF2..001AO-15-ACF2
Component:
Component:
Resolution
The ACF2 Compliance Information Analysis(CIA) CIARPT04 report will show all dataset and resources allowed access by a Role.
CIARPT04 Resource by Role or User
The ACF2 Compliance Information Analysis(CIA) CIARPT04 report will show all dataset and resource access allowed by a Role.
The following sample report shows all access that is allowed to datasets and resources by rules that specify the Role LIBERTY. This report is based on the following Dataset and Resource rules stored in the ACF2 databases:
ACF
SET RULE
LIST USER002
$KEY(USER002) ROLESET
PDS ROLE(LIBERTY) READ(A) EXEC(A)
ACF
SET RULE
LIST TESTROLE
$KEY(TESTROLE) ROLESET
- ROLE(LIBERTY) READ(A) WRITE(A) ALLOC(A) EXEC(A)
ACF
SET RESOURCE(FAC)
LIST TEST.RESOURCE.ROLE
$KEY(TEST.RESOURCE.ROLE) TYPE(FAC) ROLESET
ROLE(LIBERTY) SERVICE(READ) LOG
ACF
SET RESOURCE(SAF)
LIST DB2A.BATCH
$KEY(DB2A.BATCH) TYPE(SAF) ROLESET
ROLE(LIBERTY) LOG
ACF
SET RESOURCE(SAF)
LIST NEXTROLE
$KEY(NEXTROLE) TYPE(SAF) ROLESET
$PREFIX(ROLETEST)
- ROLE(LIBERTY) ALLOW
ACF
SET RESOURCE(SAF)
LIST ROLETEST
$KEY(ROLETEST) TYPE(SAF) ROLESET
TEST ROLE(PAY) ALLOW
- ROLE(LIBERTY) ALLOW
ACF
SET X(ROL)
LIST LIBERTY
SYS1 / LIBERTY LAST CHANGED BY USER002 ON 05/02/14-09:37
INCLUDE(USER002 TEST002 TEST003 TEST004 TEST099 TEST111
TEST222 TEST333) ROLE
Sample JCL:
//CIARPT03 EXEC PGM=CIARPT03,REGION=0M
//STEPLIB DD DISP=SHR,DSN=SYS1.acf.CAX1LINK
// DD DISP=SHR,DSN=SYS1.EZT.CAILOAD
// DD DISP=SHR,DSN=SYS1.PANSQL.CAILIB
// DD DISP=SHR,DSN=SYS1.SDSNEXIT
// DD DISP=SHR,DSN=SYS1.DB2.SDSNLOAD
//EZTVFM DD UNIT=3390,SPACE=(CYL,(10,1))
//SYSPRINT DD SYSOUT=*
//RPTOUT DD SYSOUT=*
//CNTLCARD DD *
* Parameters go here
* Parameter Names must start in column 1
* Parameter Values must start in column 10
* Use an * in column 1 for comments, such as this one.
* Here are some sample parameters that could be used to
* run the report:
SYSID %
ROLE LIBE***
USERNAME Y
ALL N
SPECIAL N
DATETIME Y
LINECNT 60
/*
Sample Report Output:
5/02/2014 12.41.07 Compliance Information Report - Resource
Input Parameters
----------------
SYSID = %
ROLE = LIBERTY
USERNAME = Y
ALL = N
SPECIAL = N
DATETIME = Y
LINECNT = 60
Systems in the repository matching the requested SYSID:
Sysid Application Name Application Version Load Date
-------- ------------------------ ------------------------ ----------
SYS1 CA ACF2 Release 15.0 2014-02-12
5/02/2014 12.41.07 Compliance Information Report - Resource by Role or User
Compliance Information for ROLE: LIBERTY
Compliance Information for System: SYS1 Product: CA ACF2
Access Due to Policy
==============================================================================
CLASS: DATASET $KEY: USER002
LAST CHANGED BY: USER002 on 2014-05-01 at 14.45.32
------------------------------------------------------------------------------
RESMASK: USER002.PDS
ROLE: LIBERTY
ACCESS: READ(ALLOW) WRITE(PREVENT) ALLOC(PREVENT) EXEC(ALLOW)
==============================================================================
CLASS: DATASET $KEY: TESTROLE
LAST CHANGED BY: TEST002 on 2013-05-16 at 12.48.17
------------------------------------------------------------------------------
RESMASK: TESTROLE.-
ROLE: LIBERTY
ACCESS: READ(ALLOW) WRITE(ALLOW) ALLOC(ALLOW) EXEC(ALLOW)
==============================================================================
CLASS: RFAC $KEY: TEST.RESOURCE.ROLE
LAST CHANGED BY: USER002 on 2014-05-01 at 14.49.05
------------------------------------------------------------------------------
RESMASK: TEST.RESOURCE.ROLE
ROLE: LIBERTY
ACCESS: READ(LOG)
==============================================================================
CLASS: RSAF $KEY: DB2A.BATCH
LAST CHANGED BY: USER002 on 2014-05-01 at 14.47.27
------------------------------------------------------------------------------
RESMASK: DB2A.BATCH
ROLE: LIBERTY
ACCESS: ALL(LOG)
==============================================================================
CLASS: RSAF $KEY: NEXTROLE
LAST CHANGED BY: TEST002 on 2013-05-16 at 15.47.23
------------------------------------------------------------------------------
RESMASK: ROLETEST.-
ROLE: LIBERTY
ACCESS: ALL(ALLOW)
==============================================================================
CLASS: RSAF $KEY: ROLETEST
LAST CHANGED BY: USER002 on 2012-02-23 at 09.28.33
------------------------------------------------------------------------------
RESMASK: ROLETEST.-
ROLE: LIBERTY
ACCESS: ALL(ALLOW)
==============================================================================
Feedback
Yes
No
Powered by
