z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


The record selection criteria

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

The name of the member containing the record selection criteria is the report member name followed by CNTL (e.g. UGRPCNTL). Record selection is performed using DFSORT control statements, such as SORT and INCLUDE. The SORT command is used to select and sort records. The INCLUDE command is used to specify conditions required for records to appear in the report.

An example of a record selection member is shown in Figure 1. This is the report selection member UGRPCNTL, which contains the selection criteria for the "Users With Extraordinary Group Authorities" report. In this example, we are including only User Connect Data records (record type 0205) when the user has the group-SPECIAL, group-OPERATIONS or group-AUDITOR attribute.
Figure 1. Member UGRPCNTL: Users with extraordinary group authorities: record selection statements
SORT    FIELDS=(10,08,CH,A)       
INCLUDE COND=(5,4,CH,EQ,C'0205',AND,  
             (88,3,CH,EQ,C'YES',OR,   
              93,3,CH,EQ,C'YES',OR,   
              113,3,CH,EQ,C'YES'))    
OPTION  VLSHRT

See z/OS Security Server RACF Macros and Interfaces for record format information for the output records of the IRRADU00 and IRRDBU00 utilities. See z/OS DFSORT Application Programming Guide for the complete details of the DFSORT statements.

Important note about column numbers: Both IRRADU00 and IRRDBU00 create records that are variable-length. Variable-length records have a four-byte record descriptor word (RDW) describing the length of the record. DFSORT considers the RDW to be part of the selectable record columns. This means that you must add 4 to any of the field positions identified for the IRRADU00 and IRRDBU00 records described in z/OS Security Server RACF Macros and Interfaces. In the example in Figure 1, the IRRDBU00 field for record type 0205 is defined in z/OS Security Server RACF Macros and Interfaces as beginning at record position 1. We add 4 to this position to get 5, the value that we must use in both the DFSORT INCLUDE statement for record selection and the ICETOOL ON operand to select the fields for the report.
Parent topic: Using database unload utility output with the DFSORT ICETOOL

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014