CARLa Report users with APF access

This example is a quick way to produce statistics about the number of user IDs that have update access to one or more APF-authorized libraries. You can use zSecure Audit to produce a detailed listing of everyone with access to an APF-authorized library.

Start with the NEWLIST operand. Because APF-authorized libraries are considered to be a part of the Trusted Computing Base, the required NEWLIST type for this report is "TRUSTED”.

Specify a title for your report with the “TITLE=” (or abbreviated “T=”) keyword.

Use a DEFINE statement to set up variable #USERS as a SUMCOUNT. The #USERS statistic counts the number of user IDs that have update access to one or more APF-authorized libraries. The valid specification for the #USERS counter is

Use a select statement to select only access to APF-authorized data sets as the item you are reporting on. Note the “=:” specification means contains. So in this example, you filter resources that contain “APF” as one of their (possibly multiple) sensitivity reasons. Sensitivity reason “APF” in newlist type “TRUSTED” indicates that the pertinent resource is an APF-authorized library.

Finally, use the SUMMARY statement to generate the report by system and within system by user ID.

The expected output must look something like this screen capture:

As you can see, on this complex ED01, 104 user IDs have update access or higher to one or more APF-authorized libraries. Please be aware that the NEWLIST type “TRUSTED” requires a CKFREEZE data set as input. If you receive error message CKR0214 (12 CKFREEZE file required for selected options), use SETUP FILES to allocate a recent CKFREEZE data set.

View Suggested samples and answers

Continue with Comparing RACF databases

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.