I understand the concept, but sounds impossible. What about omitting the records you don’t want? Omitting all user=ELARDUS would be just as bad as changing data if there were intentional efforts going on. Auditors either have to bring their own toolbox, or trust at some point. SMF going to logger is harder to thwart it would seem, but the real question to me would be a method to bulletproof the collection of the data so that it cannot be altered before written. DFSORT is just one tool. What about SAS/MXG?
_________________________________________________________________ Dave Jousma Assistant Vice President, Mainframe Engineering [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Elardus Engelbrecht Sent: Friday, May 15, 2015 7:12 AM To: [email protected] Subject: DFSORT and RACF Hi to all, I want to ask something on IBM-MAIN before I lodge a formal request for DFSORT gurus attention: It is part of my work to produce many audit reports using DFSORT, ICETOOL, custom REXX, COBOL, Assembler programs. Normally, while supported, we don't modify columns in DFSORT/ICETOOL, something like this: INCLUDE COND=(5,4,CH,EQ,C'0200',AND,118,10,CH,GE,C'2015-01-01') OUTREC FIELDS=(1,9,10:10,3,CHANGE=(3,C'ABC',C'CBA'), ... etc ... or INREC IFTHEN=(WHEN=(96,1,CH,EQ,C'S'),OVERLAY=(97:C'ABCDEFGH')), But, I have a need to translate the cryptic columns into something readable. [1] Question: Is there any need to control the modifying of input/output by DFSORT/ICETOOL with RACF? Something like that STGADMIN.?? profiles in FACILITY class to control usage of ADMINISTRATOR keyword in DFDSS? I don't think those auditors will like to see (and not survive) those ability to modify records. Of course I could rerun my jobs from original SMF just to prove these records are not modified anywhere. Thanks in advance! Groete / Greetings Elardus Engelbrecht [1] - My auditors already accept that I use a REXX program to translate something like 'INVPSWD ' by 'Not a valid password' or 'FPROTALL' by 'Failed by PROTECTALL'. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
