Definition of the users or classes for which to collect detail data

The procedure for the C2PACMON started task has three DDNAMEs that refer to three members in the data set pointed to by the C2PACPRM configuration parameter. The default value for this data set is the CKRPARM data set used for the zSecure configuration. The three members are C2PAMJOB, C2PAMRCL, and C2PAMPCL. They are used to specify for which USERIDs the JOBNAME information is collected, and for which resource class and POE class the Port Of Entry (POE) information is collected. Discuss with the users of the collected Access Monitor events for which events the detail information is needed. Depending on the use of different jobnames and ports of entry, collecting this detail information might result in a significant increase in resource usage for the collected data, and for the data consolidation process. The default configuration members specify that no jobname or POE information is collected.

• Collection of jobname information is controlled by the contents of the C2PAMJOB member. This member has a two column layout. An example is shown after this paragraph. The member name and the ruler line are not part of the member, but are shown here for clarity only. The ruler line highlights that the second column must start in position 10 of the record.

  C2PAMJOB
     ----+----1----+----2
     IBMUSER  YES
     C2PSUSER NO

  The first column contains a USERID for which jobname information is controlled. The second column can contain the value YES or any other value. Jobname information is collected only for those users for which the value YES has been specified. For users that are not included in the C2PAMJOB member, or that have any value other than YES specified, jobname information is not collected. Be sure that all information in this member is specified in uppercase.

  Jobname information is always collected for jobs or started tasks that run without a RACF defined user ID.

• Collection of Port Of Entry information is controlled by the contents of the C2PAMRCL and C2PAMPCL members. These members each have a two column layout. Examples are shown after this paragraph. The member name and the ruler line are not part of the member, but are shown here for clarity only. The ruler lines highlight that the second column must start in position 10 of the record.

  C2PAMRCL
     ----+----1----+----2
     OPERCMDS YES
  C2PAMPCL
     ----+----1----+----2
     CONSOLE  YES
     TERMINAL YES

  The first column contains a resource class for which POE information is controlled. The second column can contain the value YES or any other value. The C2PAMRCL member specifies the resource class for which the access verification is done. This can be any RACF® resource class, such as DATASET, FACILITY, or OPERCMDS. The C2PAMPCL member specifies the resource class (type) of the POE. The following POE classes are recognized: TERMINAL, CONSOLE, JESINPUT, APPCPORT, and SERVAUTH. POE information is collected only for those events for which the Resource class and the POE class both have the value YES specified. If either class specifies any other value, POE information is not collected for this access monitor event. Be sure that all information in these configuration members is specified in uppercase.

Updates to the three configuration members described here are effective for data collected after a restart or after the C2PACMON started task has done a consolidation run. For more information about restarting the C2PACMON started task, or the consolidation process as done by the C2PACMON started task, see Operator commands.