z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Reports based on the database unload utility (IRRDBU00)

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

The following reports are based on the output of IRRDBU00. You can find a sample of each report in SYS1.SAMPLIB.
Name
Description
ALDS
Data set profiles which have IDs on the standard access list with ALTER authority. Value: Identifies users who can alter the access list of the profile.
ASOC
Users who have explicit RACF® remote sharing facility (RRSF) associations defined. Value: Identifies users who can direct commands.
BGGR
Discrete general resource profiles with generic characters. Value: Finds profiles which aren't protecting what you think that they are protecting.
CCON
Count of user's connections, flagging those users with more than "x" connections. Value: Helps find a performance bottleneck caused by excessive group connections.
CGEN
Count of general resource profiles. Value: Identifies basic characteristics of the RACF database.
CPRO
Count of user, group, and data set profiles. Value: Identifies basic characteristics of the RACF database.
CONN
User IDs with group authorities above USE. Value: Identifies users with additional privileges.
CUG$
Group names of all universal groups, listing their owners and creation dates. Value: Identifies universal groups that might have members who do not appear in the group's member list.
GIDS
z/OS® UNIX GIDs that are used more than once. Value: Identifies z/OS UNIX groups that are sharing authority characteristics.
GRPM
User IDs of all members of a group, including a universal group, listing the owner of each connection, and group-related user attributes for each member. Value: Provides a complete member listing for universal groups, which is not available using the LISTGRP command.
IDSC
Data set conditional access list entries with an ID(*) entry of other than NONE. Value: Identifies data set profiles that allow any RACF-authenticated user to access data.
IDSS
Data set standard access list entries with an ID(*) entry of other than NONE. Value: Identifies data set profiles that allow any RACF-authenticated user to access data.
IGRC
General resource conditional access list entries with an ID(*) entry of other than NONE. Value: Identifies general resource profiles that allow any RACF-authenticated user to access data.
IGRS
General resource standard access list entries with an ID(*) entry of other than NONE. Value: Identifies general resource profiles that allow any RACF-authenticated user to access data.
NWPI
User IDs that have NOINTERVAL specified as their password interval. Value: Identifies users who are not required to change their passwords.
OMVS
User IDs that have an OMVS segment defined. Value: Identifies users who can use z/OS UNIX with a non-default UID.
PCAM
Program class profiles with specific program names that have 'MAIN' or 'BASIC' for the APPLDATA. Value: Identifies programs that can be used as first program in ENHANCED program security mode.
SUPU
z/OS UNIX "superusers" (UID of zero). Value: Identifies users who have extraordinary privileges within the z/OS UNIX environment.
UADS
Data set profiles with UACCs other than NONE. Value: Identifies data set profiles that allow any user to access data.
UAGR
General resource profiles, excluding profiles in the DIGTCERT class, with UACCs other than NONE. Value: Identifies general resource profiles that allow any user to access data.
UGLB
User IDs with extraordinary global authorities. Value: Identifies users with extraordinary RACF authority.
UGRP
User IDs with extraordinary RACF group authorities. Value: Identifies users with extraordinary RACF authority.
UIDS
z/OS UNIX UIDs that are used more than once. Value: Identifies z/OS UNIX users who are sharing authority characteristics.
URVK
User IDs which are currently revoked. Value: Identifies users who have had a revocation performed.
WNDS
Data set profiles that are in WARNING mode. Value: Identifies data set profiles that are processing in WARNING mode.
WNGR
General resource profiles that are in WARNING mode. Value: Identifies general resource profiles that are processing in WARNING mode.
In addition, the following reports demonstrate advanced ICETOOL techniques:
Name
Description
$CFQG
A count of the number of fully qualified generic profiles that are defined for each high-level qualifier (HLQ). Value: Identifies users who have defined an excessive number of fully qualified generic profiles.
$CHLQ
A count of the number of generic profiles that are defined for each high-level qualifier (HLQ). Value: Identifies a potential performance bottleneck.
$ULAST90
Identifies the user profiles which have been created within the past 90 days. Value: Shows recent administrative activity.
Note that these reports ($CFQC, $CHLQ, and $ULAST90) are standalone reports and are not run using the RACFICE PROC.
Parent topic: Using database unload utility output with the DFSORT ICETOOL

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014