IBM Security zSecure, Version 2.2.1

Example zSecure audit reports

Using zSecure Audit, it is possible to generate reports about the RACF® commands that are entered before and after the zSecure™ Command Verifier policy routines have evaluated and possibly modified the RACF commands.

You can generate such a report from the zSecure Audit interactive interface. Select EV.R, then specify resource class XFACILIT and resource C4R.**. The following screen is an example of the input you can use.

Figure 1. Input for generating a zSecure Command Verifier audit report
    Menu         Options       Info    Commands     Setup                        
 ______________________________________________________________________________
                  zSecure Suite - Events - Resource Selection                   
 Command ===> __________________________________________________   _ start panel
                                                                                
 Show records that fit all of the following criteria:                           
 Resource  . . . . . C4R.**__________________________________________           
 Class . . . . . . . XFACILIT     (class or EGN mask)                           
 Profile/rule/permit ___________________________________________________        
 System  . . . . . . ____         (system name or EGN mask)                     
                                                                                
 Advanced selection criteria                                                    
 _  Date and time         _  Further resource selection                         
                                                                                
 Output/run options                                                             
 /  Include detail          _  Summarize               _  Specify scope         
 _  Output in print format     Customize title            Send as e-mail        
      Run in background        Sort differently

It is also possible to create a zSecure Audit custom report for zSecure Command Verifier. The following example, which is also present in member C4RCNA00 in SC4RSMP, can be used as a custom display when you use zSecure Audit version 2.2.1. Most of the commands are related to the information displayed on the reports. The following line contains the selection criteria for the RACF commands before zSecure Command Verifier policy processing.

S CLASS=(XFACILIT) PROFILE=(C4R.PREAUD.**)

The following line contains the selection criteria for the RACF commands after zSecure Command Verifier policy processing.

S CLASS=(XFACILIT) PROFILE=(C4R.PSTAUD.**, C4R.ERRMSG.**)

The remaining zSecure Audit statements provide detailed information for the layout of the report. An example is the definition of a variable as a substring of the XFACILIT profile. This substring is the RACF command that is being issued by the terminal-user. The example shown results in a combined report of all RACF commands before and after zSecure Command Verifier policy processing. If you remove the MERGELIST/ENDMERGE statements, you obtain three separate reports.

An example of the output from the combined report is shown. The terminal-user was not authorized to specify the OPERATIONS keyword. It is removed from the RACF command during policy profile processing.

Figure 2. zSecure Audit report: RACF commands before and after zSecure Command Verifier policy processing
1S M F   R E C O R D   L I S T I N G    3May07 01:45 to 13May07 22:36
 RACF Commands processed by Command Verifier
 
 Date      Time               Resource
 
 08Dec2001 23:49 Before PIER   ALTUSER
 System ID                     SYS1 Fri 11 May 2007 23:49
 RACF userid/ACF2 logonid      BCSCGB2
 User name                     GUUS SECONDARY ID
 SAF profile key               C4R.PREAUD.*
 SAF resource name             C4R.PREAUD.ALTUSER
 RACF Command                  ALTUSER  BCSCGB3 OPER
 
 08Dec2001 23:49 After  PIER   ALTUSER
 System ID                     SYS1 Fri 11 May 2007 23:49
 RACF userid/ACF2 logonid      BCSCGB2
 User name                     GUUS SECONDARY ID
 SAF profile key               C4R.PSTAUD.*
 SAF resource name             C4R.PSTAUD.ALTUSER
 RACF Command                  ALTUSER  BCSCGB3
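
A listing in the Figure 2 layout can be post-processed to flag every command that policy processing changed. The following Python code is an added example, not part of zSecure or its sample library: it parses Before/After records, pairs them, and reports the keywords that were removed or added. Pairing on date, time, user ID and command name, and splitting the command text on whitespace, are assumptions of this example.

```python
import re
from collections import defaultdict, deque

# Record header as printed in Figure 2; the last column is taken as the command name.
HEADER = re.compile(r"\s*(\d\d[A-Za-z]{3}\d{4})\s+(\d\d:\d\d)\s+(Before|After)\s+\S+\s+(\S+)\s*$")

# The two records of Figure 2, abridged to the fields used below.
SAMPLE = """\
 08Dec2001 23:49 Before PIER   ALTUSER
 RACF userid/ACF2 logonid      BCSCGB2
 RACF Command                  ALTUSER  BCSCGB3 OPER

 08Dec2001 23:49 After  PIER   ALTUSER
 RACF userid/ACF2 logonid      BCSCGB2
 RACF Command                  ALTUSER  BCSCGB3
"""

def parse_records(text):
    """One dict per record; detail lines are 'label, 2+ spaces, value'; blank line ends a record."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"date": m[1], "time": m[2], "phase": m[3], "verb": m[4]}
            records.append(cur)
        elif not line.strip():
            cur = None
        elif cur is not None:
            label, _, value = re.sub(r"\s{2,}", "\t", line.strip(), count=1).partition("\t")
            cur[label] = value
    return records

def modified_commands(records):
    """Pair each After with the oldest unmatched Before (assumed key) and diff the tokens."""
    pending, findings = defaultdict(deque), []
    for r in records:
        key = (r["date"], r["time"], r.get("RACF userid/ACF2 logonid"), r["verb"])
        if r["phase"] == "Before":
            pending[key].append(r)
        elif pending[key]:
            before = pending[key].popleft().get("RACF Command", "").split()
            after = r.get("RACF Command", "").split()
            removed = [t for t in before if t not in after]
            added = [t for t in after if t not in before]
            if removed or added:
                findings.append({"user": key[2], "verb": key[3], "removed": removed, "added": added})
    return findings

if __name__ == "__main__":
    print(modified_commands(parse_records(SAMPLE)))
```

For the Figure 2 records this reports that user BCSCGB2 issued ALTUSER with the OPER keyword and that the keyword was removed before the command reached RACF.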

