Re: DB/2 and CICS security
W dniu 19.03.2021 o 22:23, Pierre Fichaud pisze: If a security (RACF) violation occurs in a CICS region, where does the violation get reported? I couldn't find anything in the CICS SMF records but I'll look again. Do they get reported in the JESMSGLG or in a CICS ? Does a CICS exit need to be installed? There's tons of documentation to go through. I figured it might be faster to use this forum to get an asnwer. I don't have a CICS system to play with at the moment. I need the same kind of info for DB/2. I've yet to check the SMF record layouts. Again I don't have a DB/2 system to play with. It depends. CICS resource violations *are* reported in CICS syslog, but (assuming RACF shop) it is also recorded in SMF80. Caution: your installation can suppress logging in many ways. Caution: your CICS setup may not enforce RACF checking of given resources. No exit is needed. Documentations: there are two good sources: 1. CICS RACF Security Guide - a part of CICS doco. 2. ES84 course - Implementing RACF Security for CICS. Of course it is paid. (I taught it) DB2 is different animal. 1. DB2 access control may be internal (GRANT/REVOKE) or external (RACF). 2. CICS access to DB2 resources is not the same as user access to DB2, like in SPUFI. Record layouts. Described in details in RACF Macros and Interfaces manual. Part of RACF doco. It is good to ask than to stay uninformed. Especially, your question are well phrased. HTH -- Radoslaw Skorupka (looking for new job) Lodz, Poland -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DB/2 and CICS security
Ah! I somewhat misread the question. Security violations for Db2 are reported as SMF Type 102, IFCID (which is kind of like a subtype, but not in the subtype field) 140. They are not really documented in a manual. They are documented in macros in the Db2 product. They are not reported in SMF 80. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: Friday, March 19, 2021 3:37 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: DB/2 and CICS security There is a DB2 mailing list, run by IDUG. Google can find it for you. I do not *know* the DB2 answer for certain but I believe all RACF violations are caught internally by DB2 and reported as SQL completion codes. RACF manages the whole security process itself -- either (the old way) totally internally or (the new way) by interfacing with RACF, ACF2 or TSS. I believe you are not going to get "classic" RACF violation messages for DB2 security violations. (Nor for CICS, but I know even less about CICS.) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Pierre Fichaud Sent: Friday, March 19, 2021 2:23 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: DB/2 and CICS security If a security (RACF) violation occurs in a CICS region, where does the violation get reported? I couldn't find anything in the CICS SMF records but I'll look again. Do they get reported in the JESMSGLG or in a CICS ? Does a CICS exit need to be installed? There's tons of documentation to go through. I figured it might be faster to use this forum to get an asnwer. I don't have a CICS system to play with at the moment. I need the same kind of info for DB/2. I've yet to check the SMF record layouts. Again I don't have a DB/2 system to play with. Thanks in advance, Pierre. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DB/2 and CICS security [EXTERNAL]
You indicated RACF which sometimes people use generically for SAF). If you have Top Secret or ACF2 there is an additional SMF record (type 230 IIRC). TSS and ACF2 also generate the type 80s for consistency. Matt Hogstrom m...@hogstrom.org +1-919-656-0564 PGP Key: 0x90ECB270 Facebook <https://facebook.com/matt.hogstrom> LinkedIn <https://linkedin/in/mhogstrom> Twitter <https://twitter.com/hogstrom> “It may be cognitive, but, it ain’t intuitive." — Hogstrom > On Mar 19, 2021, at 7:14 PM, Feller, Paul > <02fc94e14c43-dmarc-requ...@listserv.ua.edu> wrote: > > Pierre, have you tried to look at the SMF Record Type 80 (Security Product > Processing) record for the information you want? > > > > Thanks.. > > Paul Feller > GTS Mainframe Technical Support > > -Original Message- > From: IBM Mainframe Discussion List On Behalf Of > Pierre Fichaud > Sent: Friday, March 19, 2021 4:23 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: DB/2 and CICS security [EXTERNAL] > > If a security (RACF) violation occurs in a CICS region, where does the > violation get reported? > I couldn't find anything in the CICS SMF records but I'll look again. > Do they get reported in the JESMSGLG or in a CICS ? > Does a CICS exit need to be installed? > There's tons of documentation to go through. > I figured it might be faster to use this forum to get an asnwer. > > I don't have a CICS system to play with at the moment. > > I need the same kind of info for DB/2. > I've yet to check the SMF record layouts. > > Again I don't have a DB/2 system to play with. > > Thanks in advance, Pierre. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > Please note: This message originated outside your organization. Please use > caution when opening links or attachments. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DB/2 and CICS security [EXTERNAL]
Pierre, have you tried to look at the SMF Record Type 80 (Security Product Processing) record for the information you want? Thanks.. Paul Feller GTS Mainframe Technical Support -Original Message- From: IBM Mainframe Discussion List On Behalf Of Pierre Fichaud Sent: Friday, March 19, 2021 4:23 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: DB/2 and CICS security [EXTERNAL] If a security (RACF) violation occurs in a CICS region, where does the violation get reported? I couldn't find anything in the CICS SMF records but I'll look again. Do they get reported in the JESMSGLG or in a CICS ? Does a CICS exit need to be installed? There's tons of documentation to go through. I figured it might be faster to use this forum to get an asnwer. I don't have a CICS system to play with at the moment. I need the same kind of info for DB/2. I've yet to check the SMF record layouts. Again I don't have a DB/2 system to play with. Thanks in advance, Pierre. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Please note: This message originated outside your organization. Please use caution when opening links or attachments. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: DB/2 and CICS security
There is a DB2 mailing list, run by IDUG. Google can find it for you. I do not *know* the DB2 answer for certain but I believe all RACF violations are caught internally by DB2 and reported as SQL completion codes. RACF manages the whole security process itself -- either (the old way) totally internally or (the new way) by interfacing with RACF, ACF2 or TSS. I believe you are not going to get "classic" RACF violation messages for DB2 security violations. (Nor for CICS, but I know even less about CICS.) Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Pierre Fichaud Sent: Friday, March 19, 2021 2:23 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: DB/2 and CICS security If a security (RACF) violation occurs in a CICS region, where does the violation get reported? I couldn't find anything in the CICS SMF records but I'll look again. Do they get reported in the JESMSGLG or in a CICS ? Does a CICS exit need to be installed? There's tons of documentation to go through. I figured it might be faster to use this forum to get an asnwer. I don't have a CICS system to play with at the moment. I need the same kind of info for DB/2. I've yet to check the SMF record layouts. Again I don't have a DB/2 system to play with. Thanks in advance, Pierre. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
DB/2 and CICS security
If a security (RACF) violation occurs in a CICS region, where does the violation get reported? I couldn't find anything in the CICS SMF records but I'll look again. Do they get reported in the JESMSGLG or in a CICS ? Does a CICS exit need to be installed? There's tons of documentation to go through. I figured it might be faster to use this forum to get an asnwer. I don't have a CICS system to play with at the moment. I need the same kind of info for DB/2. I've yet to check the SMF record layouts. Again I don't have a DB/2 system to play with. Thanks in advance, Pierre. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
