Re: DFSORT: RACFICE query - how to extract all commands containing some text value

Wed, 13 Dec 2017 05:07:36 -0800 

I don't think he'll mind me mentioning it but Mark Nelson was the 
originator of RACFICE - but that was LONG ago.

He might well have a view.

And the advice to learn some DFSORT is good.

Cheers, Martin

Martin Packer

zChampion, Systems Investigator & Performance Troubleshooter, IBM

+44-7802-245-584

email: [email protected]

Twitter / Facebook IDs: MartinPacker

Blog: 
https://www.ibm.com/developerworks/mydeveloperworks/blogs/MartinPacker

Podcast Series (With Marna Walle): https://developer.ibm.com/tv/mpt/    or 
  
https://itunes.apple.com/gb/podcast/mainframe-performance-topics/id1127943573?mt=2


Youtube channel: https://www.youtube.com/channel/UCu_65HaYgksbF6Q8SQ4oOvA



From:   Elardus Engelbrecht <[email protected]>
To:     [email protected]
Date:   13/12/2017 11:18
Subject:        Re: DFSORT: RACFICE query - how to extract all commands 
containing some text value
Sent by:        IBM Mainframe Discussion List <[email protected]>



Bruce Hewson wrote:

>A query for the ICETOOL/RACFICE experts,

>I have been asked to extract all RACF commands issued relating to a 
specific USERID.
>I am not knowledgable enough with ICETOOLS  to code this myself quickly.

You will have to learn it. Or post your queries on RACF-L. Perhaps someone 
from DFSORT support chimes in here.


This is a two step thing. You first use RACF SMF Unload and then you use 
the ICETOOL job.

This process is hungry hungry HUNGRY on disk space, because the compressed 
SMF records are expanded. Bit fields are expanded in a full 4 bytes per 
bit. say x'01' is expanded into 'YES ' and x'00' to 'NO  '.

Or you can go the DB2 way. I have not done that way.


>The current RACFICE examples do not provide a sample for this.

I am not surprised, but I started my life from that RACFICE examples and 
moved on.

Perhaps there are DB2 samples for that, I simply don't know or just don't 
care.


>Extract and report all commands,  ADDUSER/ALTUSER/PASSWORD/PERMIT that 
reference USER(xyzzy)

Please note: There are two USER fields involved in a RACF command - Issuer 
and subject of the id. 

Issuer is on a specific column, but the subject Userid is in a specific 
column or specific field depending on the command used.

For commands like PERMIT, you won't get a specific id, but you will need 
to examine the 'Keywords Used' and then there you examine the field.


Example for ADDUSER, I have this:

//TOOLIN   DD * 
 SORT    FROM(INDD) TO(TEMP0001) USING(ADD1)
 DISPLAY FROM(TEMP0001) LIST(PRINT1)  - 
         NOCC                         - 
         WIDTH(500)                   - 
         TITLE('RACF ADDUSER Report') - 
         DATE(4MD/)                   - 
         TIME(24:)                    - 
         PAGE                         - 
         BLANK                        - 
         ON(63,8,CH) HEADER('Issuer')      -
         ON(295,20,CH) HEADER('User Name') -
         ON(72,8,CH) HEADER('Group')       -
         ON(32,10,CH) HEADER('Date')       -
         ON(23,8,CH) HEADER('Time')        -
         ON(508,8,CH) HEADER('User Id')    -
         ON(43,4,CH) HEADER('SMFID')       -
         ON(175,8,CH) HEADER('Terminal')   -
         ON(184,8,CH) HEADER('Jobname ')   -
         ON(14,8,CH) HEADER('Result')      -
         ON(517,200,CH) HEADER('Keywords') 

//ADD1CNTL   DD * 
 SORT FIELDS=(5,8,CH,A) 
 INCLUDE COND=(5,8,CH,EQ,C'ADDUSER ',AND,
              32,10,CH,GE,C'2017-01',AND,
             508,3,CH,EQ,C'ABC') 
 OPTION VLSHRT 


For ALTUSER I have this example:

 SORT    FROM(INDD) TO(TEMP0001) USING(ULDF) 
 DISPLAY FROM(TEMP0001) LIST(PRINT) - 
         NOCC         - 
         WIDTH(500)   - 
         TITLE('Group Special Users Activity') -
         DATE(4MD/)   - 
         TIME(24:)    - 
         PAGE         - 
         BLANK        - 
         ON(63,8,CH)    HEADER('Issuer')    - 
         ON(295,20,CH)  HEADER('User Name') - 
         ON(72,8,CH)    HEADER('Group')     - 
         ON(32,10,CH)   HEADER('Date')      - 
         ON(23,8,CH)    HEADER('Time')      - 
         ON(522,8,CH)   HEADER('User Id')   - 
         ON(43,4,CH)    HEADER('SMFID')     - 
         ON(175,8,CH)   HEADER('Terminal')  - 
         ON(184,8,CH)   HEADER('Job Name')  - 
         ON(286,8,CH)   HEADER('Owner  ')   - 
         ON(14,8,CH)    HEADER('Result')    - 
         ON(531,200,CH) HEADER('Keywords Used') 
//ULDFCNTL   DD * 
 SORT FIELDS=(5,8,CH,A) 
 INCLUDE COND=(5,8,CH,EQ,C'ALTUSER ',AND, 
               32,7,CH,GE,C'2017-01',AND, 
               522,3,CH,EQ,C'ABC') 
 OPTION VLSHRT 

... and so on ...

Good luck. You will really need it! Just shout again if you need more 
help.

Groete / Greetings
Elardus Engelbrecht

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN




Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to