Are there any sample reports for CA Cleanup for RACF?

Document ID : KB000055181
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

  • What can be done with these samples?

  • Is there a way to customize the reports?

Solution:

Yes, the SAMPJCL library contains sample JCL to run reports. These are only samples. They must be modified to meet your shop standards.

  • DBRPT - THIS SAMPLE JOB CAN BE USED TO REPORT ON THE CLEANUP DATABASE.

    • CHANGE ALL OCCURRENCES OF "@@@@" TO NAME AN APPROPRIATE DATASET NAME PREFIX.

    • UPDATE THE PARM= STATEMENT TO INDICATE YOUR THRESHOLD NUMBER OF DAYS FOR SELECTING EITHER REFERENCED OR UNREFERENCED ITEMS. FOR EXAMPLE, CODE PARM='REF=5' TO REPORT ITEMS REFERENCED WITHIN THE PAST 5 DAYS. CODE PARM='UNREF=30' TO REPORT ITEMS UNREFERENCED OVER 30 DAYS. PARM='BOTH' REPORTS THE ENTIRE TRACKING FILE, BOTH REFERENCED AND UNREFERENCED ITEMS, WITHOUT PRODUCING COMMANDS.

    • TO GENERATE A SELECTIVE REPORT, ADD AN INCLUDE STATEMENT SPECIFYING THOSE ENTRIES YOU WANT REPORTED, OR, ADD AN EXCLUDE STATEMENT SPECIFYING THOSE ENTRIES YOU DO NOT WANT REPORTED.
      EXAMPLE INCLUDE STATEMENT:  //INCLUDE DD *  USERIDA  USERIDB  CLASS(CLASS1)  CLASS(USERID) NAME(ABC)  /*  EXAMPLE EXCLUDE STATEMENT:  //EXCLUDE DD *  USERIDC  CLASS(CLASS2)  CLASS(GROUP) NAME(XYZ)  /* 
  • DBRPTC - THIS SAMPLE JOB CAN BE USED TO REPORT ON THE CLEANUP DATABASE AND BUILD COMMAND FILES TO REMOVE UNUSED SECURITY FILE ENTRIES. THE FIRST STEP REFRESHES THE ETRUST CLEANUP DATABASE SO THAT OBSOLETE ENTRIES ARE REMOVED BEFORE COMMAND GENERATION. USE SAMPJCL(DBRPTCMD) TO PROCESS THE GENERATED ETCLNRUL COMMANDS.

    • CHANGE ALL OCCURRENCES OF "@@@@" TO NAME AN APPROPRIATE DATASET NAME PREFIX.

    • CHANGE ALL OCCURRENCES OF "??????" TO NAME AN APPROPRIATE VOLUME FOR OUTPUT DATASETS.

    • CHANGE ALL OCCURRENCES OF "####" TO NAME YOUR RACF DATABASE (SHOWN BY COMMAND "RVARY LIST").

    • UPDATE THE PARM= STATEMENT TO INDICATE YOUR THRESHOLD NUMBER OF DAYS FOR SELECTING EITHER REFERENCED OR UNREFERENCED ITEMS. FOR EXAMPLE, CODE PARM='REF=5' TO REPORT ITEMS REFERENCED WITHIN THE PAST 5 DAYS. CODE PARM='UNREF=30' TO REPORT ITEMS UNREFERENCED OVER 30 DAYS.

  • DBUEXTR - THIS EXTRACTS A SUBSET OF THE RACF DATABASE UNLOAD DATASET. A RACF GROUP NAME IS SPECIFIED AS A PARAMETER. USING A FULL RACF UNLOAD DATASET, THIS GROUP, ALL SUBGROUPS, DEFAULT CONNECTED USERS AND RESOURCES OWNED BY ANY OF THESE GROUPS OR USERS ARE EXTRACTED TO CREATE A NEW UNLOAD FILE.

    THIS SUBSET CAN BE USED TO CREATE A NEW ETRUST CLEANUP DATABASE AND TO CREATE CLEANUP COMMANDS WHEN USED WITH THE REPORT UTILITY.

    • CHANGE THE FOLLOWING #### TO YOUR CURRENT RACF UNLOAD DATASET NAME:
      SET CURDBU=####
    • CHANGE THE FOLLOWING XXXX TO NAME YOUR NEW RACF UNLOAD DATASET:
      SET NEWDBU=XXXX
    • CHANGE THE FOLLOWING TO THE DATASET CONTAINING THE DBUEXTR REXX EXEC:
      SET ETCLEXEC=@@@@.CAIEXEC
    • CHANGE THE STRING *GROUP* IN THE LAST STEP TO THE HIGHEST GROUP NAME FOR WHICH INFORMATION IS TO BE EXTRACTED.

  • DBRPT01 - THIS SAMPLE JOB WILL SPLIT ETCL#RPT OUTPUT INTO "GROUPS" OF OUTPUT. THE GROUPIN FILE (SEE BOTTOM) SPECIFIES USERIDS AND ASSIGNS EACH A "GROUP NAME" FOR REPORTING. ETCL#RPT OUTPUT WILL BE REORGANIZED AND PRESENTED BY EACH ASSIGNED GROUP NAME. USERIDS WITH NO ASSIGNED REPORTING GROUP WILL APPEAR UNDER A GROUP NAME OF $$NONE$$. EACH GROUP IS PRINTED TO A SEPARATE, DYNAMICALLY ALLOCATED SYSOUT FILE.

    • CHANGE THE FOLLOWING XX TO THE REPORTING THRESHOLD IN NUMBER OF DAYS:
      SET UNREF=XX
    • CHANGE THE FOLLOWING @@@@ TO YOUR ETRUST CLEANUP DATASET PREFIX:
      SET ETCLPFX=@@@@
    • CHANGE THE FOLLOWING #### TO YOUR RACF UNLOAD DATASET NAME:
      SET RDBU=####
    STEP1 - RUN ETCL#RPT AND PASS THE REPORT OUTPUT TO A LATER STEP.

    STEP2 - USING SORT, CREATE A LRECL=80 OUTPUT FILE CONTAINING THE RACF GROUP AND USER NAMES WITH THEIR OWNER AS THE GROUPING NAME. THIS STEP CAN BE MODIFIED TO PRODUCE OTHER VALUES AS THE GROUPING NAME.

    STEP3 - USE THE SORT OUTPUT AS THE USERID/GROUP FILE. NOTE THAT ADDITIONAL USERID/GROUP INFORMATION CAN BE CONCATENATED TO GROUPIN.

    IF YOU CREATE YOUR OWN USERID/GROUP FILE, THIS JOB CAN BE RUN WITH JUST THE FIRST AND LAST STEPS.

  • DBRPT02 - THIS SAMPLE JOB WILL REARRANGE ETCL#RPT OUTPUT INTO "GROUPS" OF OUTPUT. THE GROUPIN FILE (SEE BOTTOM) SPECIFIES USERIDS AND ASSIGNS EACH A "GROUP NAME" FOR REPORTING. ETCL#RPT OUTPUT WILL BE REORGANIZED AND PRESENTED BY EACH ASSIGNED GROUP NAME. USERIDS WITH NO ASSIGNED REPORTING GROUP WILL APPEAR UNDER A GROUP NAME OF $$NONE$$. THE OUTPUT IS THEN WRITTEN AS ONE FILE TO SYSPRINT. EACH GROUP IS SEPARATED BY A PAGE BREAK. MANY REPORT DISTRIBUTION SYSTEMS CAN ROUTE THESE GROUPS TO VARIOUS RECIPIENTS.

    • CHANGE THE FOLLOWING XX TO THE REPORTING THRESHOLD IN NUMBER OF DAYS:
      SET UNREF=XX
    • CHANGE THE FOLLOWING @@@@ TO YOUR ETRUST CLEANUP DATASET PREFIX:
      SET ETCLPFX=@@@@
    • CHANGE THE FOLLOWING #### TO YOUR RACF UNLOAD DATASET NAME:
      SET RDBU=####
    STEP1 - RUN ETCL#RPT AND PASS THE REPORT OUTPUT TO A LATER STEP.

    STEP2 - USING SORT, CREATE A LRECL=80 OUTPUT FILE CONTAINING THE RACF GROUP AND USER NAMES WITH THEIR OWNER AS THE GROUPING NAME. THIS STEP CAN BE MODIFIED TO PRODUCE OTHER VALUES AS THE GROUPING NAME

    STEP3 - USE THE SORT OUTPUT AS THE USERID/GROUP FILE. NOTE THAT ADDITIONAL USERID/GROUP INFORMATION CAN BE CONCATENATED TO GROUPIN.

    IF YOU CREATE YOUR OWN USERID/GROUP FILE, THIS JOB CAN BE RUN WITH JUST THE FIRST AND LAST STEPS.

  • DBRPT03 - THIS SAMPLE JOB ALLOWS CLEANUP REPORTING ON RESOURCES INSTEAD OF USER IDS AND GROUPS.

    • CHANGE THE FOLLOWING XX TO THE REPORTING THRESHOLD IN NUMBER OF DAYS:
      SET UNREF=XX
    • CHANGE THE FOLLOWING @@@@ TO YOUR ETRUST CLEANUP DATASET PREFIX:
      SET ETCLPFX=@@@@
    • CHANGE THE FOLLOWING #### TO YOUR RACF UNLOAD DATASET NAME:
      SET RDBU=####
    • SPECIFY YOUR SELECTION CRITERIA.

    SELECTION CRITERIA CAN BE A LIST OF USERIDS, CLASS NAMES AND RESOURCE NAMES. YOU CAN USE ANY OR ALL OF THE KEYWORDS AND CAN SPECIFY ONE OR MORE OF EACH. THE KEYWORD FORMAT IS:

    CLASS(CLASS NAME) NAME(RESOURCE NAME PREFIX)

    CLASS NAMES ARE EXACTLY MATCHED. RESOURCE NAMES ARE MATCHED AS A PREFIX VALUE, THAT IS, ONLY THE NUMBER OF CHARACTERS SPECIFIED AS INPUT ARE COMPARED. MATCH AN EXACT NAME BY ADDING A TRAILING BLANK IN THE INPUT KEYWORD. FOR EXAMPLE, NAME(ABC ) MATCHES ONLY RESOURCE ABC, WHILE NAME(ABC) MATCHES ANY RESOURCE THAT STARTS WITH ABC.

Yes, you can customize any of the RACF/Cleanup reports.

To create a custom report, add an //UNLOAD DD statement to your JCL. This file can then be fed into a report product, such as CA-EASYTRIEVE to customize. The DCB information is not needed for the file creation, just the dataset name, space, volume, etc. See Appendix B of the Implementation Guide for the layout of the userid, dataset, and resource files.