Definition of the users or classes for which to collect detail data
The procedure for the C2PACMON started task has three DDNAMEs that refer to three members in the data set pointed to by the C2PACPRM configuration parameter. The default value for this data set is the CKRPARM data set used for the zSecure configuration. The three members are C2PAMJOB, C2PAMRCL, and C2PAMPCL. They are used to specify for which USERIDs the JOBNAME information is collected, and for which resource class and POE class the Port Of Entry (POE) information is collected. Discuss with the users of the collected Access Monitor events for which events the detail information is needed. Depending on the use of different jobnames and ports of entry, collecting this detail information might result in a significant increase in resource usage for the collected data, and for the data consolidation process. The default configuration members specify that no jobname or POE information is collected.
- Collection of jobname information is controlled by the contents
of the C2PAMJOB member. This member has a two column layout. An example
is shown after this paragraph. The member name and the ruler line
are not part of the member, but are shown here for clarity only. The
ruler line highlights that the second column must start in position
10 of the record.
The first column contains a USERID for which jobname information is controlled. The second column can contain the valueC2PAMJOB ----+----1----+----2 IBMUSER YES C2PSUSER NO
YES
or any other value. Jobname information is collected only for those users for which the valueYES
has been specified. For users that are not included in the C2PAMJOB member, or that have any value other thanYES
specified, jobname information is not collected. Be sure that all information in this member is specified in uppercase.Jobname information is always collected for jobs or started tasks that run without a RACF defined user ID.
- Collection of Port Of Entry information is controlled by the contents
of the C2PAMRCL and C2PAMPCL members. These members each have a two
column layout. Examples are shown after this paragraph. The member
name and the ruler line are not part of the member, but are shown
here for clarity only. The ruler lines highlight that the second column
must start in position 10 of the record.
The first column contains a resource class for which POE information is controlled. The second column can contain the valueC2PAMRCL ----+----1----+----2 OPERCMDS YES C2PAMPCL ----+----1----+----2 CONSOLE YES TERMINAL YES
YES
or any other value. The C2PAMRCL member specifies the resource class for which the access verification is done. This can be any RACF® resource class, such as DATASET, FACILITY, or OPERCMDS. The C2PAMPCL member specifies the resource class (type) of the POE. The following POE classes are recognized: TERMINAL, CONSOLE, JESINPUT, APPCPORT, and SERVAUTH. POE information is collected only for those events for which the Resource class and the POE class both have the valueYES
specified. If either class specifies any other value, POE information is not collected for this access monitor event. Be sure that all information in these configuration members is specified in uppercase.
Updates to the three configuration members described here are effective for data collected after a restart or after the C2PACMON started task has done a consolidation run. For more information about restarting the C2PACMON started task, or the consolidation process as done by the C2PACMON started task, see Operator commands.