Objective: show the use of OPERATIONS by user IDs that possess the OPERATIONS attribute.

This CARLa sample program shows you how to produce a report of:

You must consider running this program or a similar CARLa program to produce regular reports of OPERATIONS user IDs and their activity.

Sample output:

Run the previous CARLa program against the SMF extract named “SMF from systems ED01 and S0W1”. This input set must be selected after issuing the “SETUP FILES” command or by using option “SE.1” in your zSecure session. Note the highest access used by user ID PMIOPER and the count for this value

An experienced RACF administrator knows that user IDs with the OPERATIONS attribute represent a risk to the organizations resource security. OPERATIONS users are able to effectively read or change all resources, in classes that honor the OPERATIONS attribute, if their access level is not explicitly defined. The data set class by default honors the OPERATIONS attribute. In respect of the DASDVOL class, these OPERATIONS user IDs are authorized to scratch entire DASD volumes, unless additional controls are in place.

Note: the “SUP CKFREEZE” statement, which is short for “SUPPRESS”, prevents that the CKFREEZE data set is read to produce this report. Reading a CKFREEZE data set uses a considerable amount of memory and CPU time. When used, the program is able to find a resource name and profile name for VSAM components. Reading the CKFREEZE data set is useful only when processing data set activity records.

 


Continue with Preventing access through OPERATIONS

 

© Copyright IBM Corp. 2012, 2020

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.