The following reports are based on the output of IRRDBU00. You
can find a sample of each report in SYS1.SAMPLIB.
- Name
- Description
- ALDS
- Data set profiles which have IDs on the standard access list with
ALTER authority. Value: Identifies users who can alter the
access list of the profile.
- ASOC
- Users who have explicit RACF® remote
sharing facility (RRSF) associations defined. Value: Identifies
users who can direct commands.
- BGGR
- Discrete general resource profiles with generic characters. Value: Finds
profiles which aren't protecting what you think that they are protecting.
- CCON
- Count of user's connections, flagging those users with more than
"x" connections. Value: Helps find a performance bottleneck
caused by excessive group connections.
- CGEN
- Count of general resource profiles. Value: Identifies basic
characteristics of the RACF database.
- CPRO
- Count of user, group, and data set profiles. Value: Identifies
basic characteristics of the RACF database.
- CONN
- User IDs with group authorities above USE. Value: Identifies
users with additional privileges.
- CUG$
- Group names of all universal groups, listing their owners and
creation dates. Value: Identifies universal groups that might
have members who do not appear in the group's member list.
- GIDS
- z/OS® UNIX GIDs that are used more than once. Value: Identifies z/OS UNIX groups
that are sharing authority characteristics.
- GRPM
- User IDs of all members of a group, including a universal group,
listing the owner of each connection, and group-related user attributes
for each member. Value: Provides a complete member listing
for universal groups, which is not available using the LISTGRP command.
- IDSC
- Data set conditional access list entries with an ID(*) entry
of other than NONE. Value: Identifies data set profiles that
allow any RACF-authenticated user to access data.
- IDSS
- Data set standard access list entries with an ID(*) entry
of other than NONE. Value: Identifies data set profiles that
allow any RACF-authenticated user to access data.
- IGRC
- General resource conditional access list entries with an ID(*) entry
of other than NONE. Value: Identifies general resource profiles
that allow any RACF-authenticated user to access data.
- IGRS
- General resource standard access list entries with an ID(*) entry
of other than NONE. Value: Identifies general resource profiles
that allow any RACF-authenticated user to access data.
- NWPI
- User IDs that have NOINTERVAL specified as their password interval. Value: Identifies
users who are not required to change their passwords.
- OMVS
- User IDs that have an OMVS segment defined. Value: Identifies
users who can use z/OS UNIX with
a non-default UID.
- PCAM
- Program class profiles with specific program names that have 'MAIN'
or 'BASIC' for the APPLDATA. Value: Identifies programs that
can be used as first program in ENHANCED program security mode.
- SUPU
- z/OS UNIX "superusers"
(UID of zero). Value: Identifies users who have extraordinary
privileges within the z/OS UNIX environment.
- UADS
- Data set profiles with UACCs other than NONE. Value: Identifies
data set profiles that allow any user to access data.
- UAGR
- General resource profiles, excluding profiles in the DIGTCERT
class, with UACCs other than NONE. Value: Identifies general
resource profiles that allow any user to access data.
- UGLB
- User IDs with extraordinary global authorities. Value: Identifies
users with extraordinary RACF authority.
- UGRP
- User IDs with extraordinary RACF group
authorities. Value: Identifies users with extraordinary RACF authority.
- UIDS
- z/OS UNIX UIDs
that are used more than once. Value: Identifies z/OS UNIX users who
are sharing authority characteristics.
- URVK
- User IDs which are currently revoked. Value: Identifies
users who have had a revocation performed.
- WNDS
- Data set profiles that are in WARNING mode. Value: Identifies
data set profiles that are processing in WARNING mode.
- WNGR
- General resource profiles that are in WARNING mode. Value: Identifies
general resource profiles that are processing in WARNING mode.
In addition, the following reports demonstrate advanced ICETOOL
techniques:
- Name
- Description
- $CFQG
- A count of the number of fully qualified generic profiles that
are defined for each high-level qualifier (HLQ). Value: Identifies
users who have defined an excessive number of fully qualified generic
profiles.
- $CHLQ
- A count of the number of generic profiles that are defined for
each high-level qualifier (HLQ). Value: Identifies a potential
performance bottleneck.
- $ULAST90
- Identifies the user profiles which have been created within the
past 90 days. Value: Shows recent administrative activity.
Note that these reports ($CFQC, $CHLQ, and $ULAST90)
are standalone reports and are not run using the RACFICE PROC.