Viewing data set rules
Procedure
To view data set rules, complete the following steps:
- Press PF3 to return to the Main menu.
- Select the ACF2 Administration option.
- Type R to display the Rules functions, as shown in Figure 1.

Figure 1. Select rules overview

    Menu  Options  Info  Commands  Setup
    ---------------------------------------------------------------------
                          zSecure Audit for ACF2
    Option ===> R_______________________________________________________________
                                                                     More:     +
    SE    Setup         Options and input data sets
    AA    ACF2          ACF2 Administration
      L   Logonid       Logonid overview
      R   Rules         Rules overview
      I   Resource      Resource rules overview
      S   Infostorage   Infostorage record overview
      C   Custom        Custom report
    AU    Audit         Audit security and system resources
    RE    Resource      Resource reports
    EV    Events        Event reporting from SMF and other logs
    CO    CARLa         Work with CARLa queries and libraries
    IN    Information   Information and documentation
    LO    Local         Locally defines options
    X     Exit          Exit this panel

    Input complex: *NONAME*

    Product/Release
    5655-ABC IBM Security zSecure Audit for ACF2 3.1.0

- Press Enter to open the Rules Selection panel.
- In the Data set HLQ field, type a high-level qualifier that is appropriate for your environment; for example, SYS1. The example shown in Figure 2 uses CRM2.
In the Output/run options section, notice that the Show rule lines option, which is the default setting, is selected. This setting requests display of all rule lines for a rule set key (that is, the high-level qualifier).
Figure 2. Rules Selection panel

    Menu  Options  Info  Commands  Setup
    -------------------------------------------------------------------------------
                    zSecure Audit for ACF2 – Rules Selection
    Command ===> __________________________________________________ _ start panel

    Show rules that fit all of the following criteria
    Data set HLQ  . . . CRM2____                  (qualifier or ACF2 mask)
    UID string  . . . . ________________________  _ Treat as ACF2 mask
    Match data set. . . ____________________________________________ (no mask)
    Match UID string. . ________________________  (fully specified UID, no mask)
    Match UID(s) of LID ________                  (logonid or ACF2 mask)

    Additional selection criteria
    _ Other fields

    Output/run options
    / Show rule lines    _ By rule set      _ Expand nextkey
    _ Print format         Customize title    Send as email
      Background run       Form oriented      Sort differently    Narrow print

- Press Enter to open the ACF2_RULELINE display panel shown in Figure 3.
Figure 3. Default display when requesting a high-level qualifier or rule key

    IBM Security zSecure Audit ACF2_RULELINE display
    Command ===> _________________________________________________ Scroll===> CSR_
    All rule lines with HLQ CRM2                                 9 May 2011 22:10
       x DSN mask              UID mask                   User
    __   CRM2.ACCTNG.BACKUP    **OPS-
    __   CRM2.ACCTNG.MASTER    NEACCCLK-
    __   CRM2.ACCTNG.MASTER    NEACCMGR-
    __   CRM2.ACCTNG.-         NEACC-
    __   CRM2.APPL.CODE        NEDEVPRG*********PBAKER-
    __   CRM2.CUSTOMER.MASTER  NEMKT-
    __   CRM2.CUSTOMER.-       NEMKT-
    __ x CRM2.D-.-             -
    __   CRM2.HELP.FILES       NEHLP-
    __ x CRM2.M-.-             -
    __ x CRM2.PROD.-           -
    __   CRM2.SEC.FILES        NESEC-
    __   CRM2.SEC.INFO         NESECMGR-
    __   CRM2.SOFTWARE.-       NESYSPRG-
    __   CRM2.SYSTEM.LIB       NESYSPRG*********JSMITH-
    __   CRM2.S-.APPS          CRMB****CRMBTC1-
    __   CRM2.TEST.APPS        CRMB****CRMBTC1-
    __   CRM2.TRACK.USER       NESECMGR-
    __   CRM2.VENDOR.ACCTS     **PUR-
    __   CRM2.VENDOR.LIST      **PUR-

In Figure 3, the rule set, CRM2, contains all data set rule entries for the high-level qualifier CRM2. Your display will look similar. This example shows multiple rule line entries for data sets that begin with CRM2. The entries are presented in collating sequence. The following columns across the panel indicate rule line fields:
- DSN mask column: Lists the data set name entries such as CRM2.ACCTNG.MASTER.
- UID mask column: Indicates the groups of users or individuals that are associated with the data set name entry such as NEACCMGR-.
- User column: Indicates whether this entry applies only to this user ID.
- Press PF11 to shift right and view the permissions (for
example, RW E) granted to the users in the UID mask column
for the data set listed in the DSN mask column.
Figure 4. Display of permission parameter values

    IBM Security zSecure Audit ACF2_RULELINE display
    Command ===> _________________________________________________ Scroll===> CSR_
    All rule lines with HLQ CRM2                                 9 May 2011 22:10
       x DSN mask              Role     Perm N NextKey  Vo
    __   CRM2.ACCTNG.BACKUP             R  E
    __   CRM2.ACCTNG.MASTER             Rw E
    __   CRM2.ACCTNG.MASTER             RW E
    __   CRM2.ACCTNG.-                  R  E
    __   CRM2.APPL.CODE                 RW E
    __   CRM2.CUSTOMER.MASTER           RW E
    __   CRM2.CUSTOMER.-                R  E
    __ x CRM2.D-.-
    __   CRM2.HELP.FILES                RW E
    __ x CRM2.M-.-
    __ x CRM2.PROD.-
    __   CRM2.SEC.FILES                 R  E
    __   CRM2.SEC.INFO                  RW E
    __   CRM2.SOFTWARE.-                RW E
    __   CRM2.SYSTEM.LIB                RWAE
    __   CRM2.S-.APPS                   R  E
    __   CRM2.TEST.APPS                 R  E
    __   CRM2.TRACK.USER                RW E
    __   CRM2.VENDOR.ACCTS              RW E
    __   CRM2.VENDOR.LIST               RW E

The rule set in Figure 3 shows that any user with a matching uid string of **OPS can read and run the data set CRM2.ACCTNG.BACKUP. In this example, the uid (**OPS) indicates users in all locations within the operations (OPS) department that can read the specified data set. All locations are listed because location is masked.
Table 1 lists the permission codes and corresponding descriptions.

Table 1. Permission codes and descriptions

    Permission Code   Description
    R                 Read
    W                 Write
    A                 Allocate - create, delete, rename, catalog, uncatalog
    E                 Execute - applies only to executable code, a program, and not data files

Lowercase letters under the Perm column on the panel indicate that access is allowed, but logged. For example, Rw E means that read is allowed, write is allowed and logged, and execute is allowed.
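
The following added example (not part of the product documentation or of zSecure itself) decodes Perm values according to Table 1 and lists the rule lines that grant a given access, which is useful when reviewing who can write or allocate under a high-level qualifier. The rows are constructed by pairing the UID masks in Figure 3 with the Perm values in Figure 4 by row order, which is an assumption; the function names are hypothetical.

```python
# Added example: decode the Perm column of the ACF2_RULELINE display (Table 1).
PERM_CODES = {"R": "read", "W": "write", "A": "allocate", "E": "execute"}

# Constructed sample: (DSN mask, UID mask, Perm), copied from Figures 3 and 4
# and paired by row order (assumption).
RULE_LINES = [
    ("CRM2.ACCTNG.BACKUP", "**OPS-", "R  E"),
    ("CRM2.ACCTNG.MASTER", "NEACCCLK-", "Rw E"),
    ("CRM2.ACCTNG.MASTER", "NEACCMGR-", "RW E"),
    ("CRM2.SYSTEM.LIB", "NESYSPRG*********JSMITH-", "RWAE"),
    ("CRM2.PROD.-", "-", ""),  # line shown without Perm values in Figure 4
]


def decode_perm(perm):
    """Map a Perm string such as 'Rw E' to {access: 'allowed' | 'logged' | None}."""
    result = dict.fromkeys(PERM_CODES.values())  # None = not shown on this line
    for ch in perm:
        if ch.isspace():
            continue  # blank position: that access is not listed
        name = PERM_CODES.get(ch.upper())
        if name is None:
            raise ValueError(f"unknown permission code {ch!r} in {perm!r}")
        # Uppercase letter: allowed. Lowercase letter: allowed, but logged.
        result[name] = "allowed" if ch.isupper() else "logged"
    return result


def lines_granting(rule_lines, access):
    """Return (DSN mask, UID mask, state) for every rule line that grants access."""
    hits = []
    for dsn, uid, perm in rule_lines:
        state = decode_perm(perm)[access]
        if state is not None:
            hits.append((dsn, uid, state))
    return hits


if __name__ == "__main__":
    for dsn, uid, perm in RULE_LINES:
        print(f"{dsn:<20} {uid:<26} {decode_perm(perm)}")
    for access in ("write", "allocate"):
        print(access, "->", lines_granting(RULE_LINES, access))
```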