Objective: generate a report that shows all resources that can be accessed by a particular user ID

The access might be based on personal permissions or on permissions obtained through group membership.

Running a “Scope report” for a user ID, as this report is called, is supported in the zSecure Admin ISPF interface under option “RA.3.4” (Permit/scope). Alternatively, you can issue line-command “A” (for Authorization) on a user profile. Next, select option “2” (Direct Permit or Connect) in the “Specify type of authorization” section, and press Enter to run the scope report.

Try to run a scope report for user ID IBMUSER, with option “2” (Direct permit or connect). Make sure to also select option “Output in print format” and leave all other fields with their default values.

The output should look something like this screen capture:

As you can see, one shortcoming of the default layout of this report is that it is too wide. The column that shows the origin of the pertinent permission falls outside the viewable area of the report, so you must keep scrolling right (F11) to display this information.

How can you improve this default layout?

Press F3 to leave the report and go to the “results” panel. Issue line-command “E” (for Edit) in front of the highlighted work data set named “COMMANDS” and press Enter. This data set reveals the CARLa code used to produce the scope report that you generated:

To change the default report layout, you can shrink the column “Type” to a length of 1. With this setting, the column shows only a “G” when the profile is generic, or a blank for discrete profiles. In addition, you might decide to remove the entire column “Volume” because it contains a value only for discrete data set profiles, which are rarely used nowadays. Alternatively, you might decide to move the “Volume” column behind the “Via” column in your report.

Issue command “GO” or “RUN” on the command line and press Enter:

As you can see, the access origin (column “Via”) now nicely fits the screen width! You might want to save your adjusted scope report layout in your own CARLa samples library for future use.



  1. Run the scope report once again but now include all access that this user ID has to any resource on this system.
  2. Run the same scope report for multiple user IDs simultaneously.
  3. Run the scope report to show only the personal permissions of the pertinent user ID.





© Copyright IBM Corp. 2012, 2020
