z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Creating customized reports

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can create your own reports using the RACFICE procedure by following these steps:
  1. Identify the records that you want for the report.
    1. Define the DFSORT statements for the record selection criteria.
    2. Place them in the RACFICE data set with a unique member name consisting of a 1 - 4 character report identifier followed by CNTL.
    If there is an existing report that has similar selection criteria, use it as a model. For example, if you want to report all the access records created when users PATTY, MAXINE, and LAVERNE accessed resources, you need to create DFSORT selection statements that look like Figure 1 and store them in your RACFICE report data set as the PMLCNTL record selection criteria.
    Figure 1. Customized record selection criteria
    INCLUDE COND=(63,8,CH,EQ,C'PATTY',OR,
        63,8,CH,EQ,C'MAXINE',OR,
        63,8,CH,EQ,C'LAVERNE')
OPTION  VLSHRT

    Note the similarity of this record selection criteria to the "Users With Extraordinary Group Authorities Report" record selection criteria shown in Figure 1.

    See z/OS DFSORT Application Programming Guide for the complete details of the DFSORT statements.

  2. Identify the report format you want to use.
    1. Define the ICETOOL statements for the report format.
    2. Place them in the RACFICE data set with a 1 - 4 character report identifier that you chose.
    If there is an existing report that has similar report format, use it as a model. For example, if you wanted your report to contain the user ID, job name, date, time, and status of the access you could use the ICETOOL report statements shown in Figure 2, and store them in your RACFICE report data set as the PML report format.
    Figure 2. Customized report format
    COPY    FROM(ADUDATA)  TO(TEMP0001) USING(RACF)
DISPLAY FROM(TEMP0001) LIST(PRINT) -
        PAGE -
        TITLE('Patty, Maxine, and Laverne's Accesses') -
        DATE(YMD/) -
        TIME(12:) -
        BLANK -
        ON(63,8,CH)  HEADER('User ID') -
        ON(5,8,CH)   HEADER('Event') -
        ON(12,8,CH)  HEADER('Qualifier') -
        ON(23,8,CH)  HEADER('Time') -
        ON(32,10,CH) HEADER('Date') -
        ON(184,8,CH) HEADER('Job Name')

    Note the similarity of this report format to the "Users With Extraordinary Group Authorities" report format shown in Figure 1.

    For complete details on the ICETOOL statements, see z/OS DFSORT Application Programming Guide.

  3. Update the report JCL to invoke the RACFICE procedure with the 1 - 4 character report identifier you chose, as shown in Figure 3.
    Figure 3. Customized report JCL
    //jobname  JOB  Job card...
//stepname EXEC RACFICE,REPORT=PML
Parent topic: Using database unload utility output with the DFSORT ICETOOL

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014