How can I identify all users that have any administration authority within CA TPX?

Document ID : KB000011324
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Need to identify users defined to TPX that have any type of administrator authority. How can this be accomplished?

Environment:
CA TPX for z/OS
Answer:

You can check an individual user's Administrative capabilities using TPXADMIN:

option 1  TPX User/Group Maintenance 
      option 3  User Maintenance
         select user
            option 6  Maintain Administrator Capabilities
 
                    TPX User Maintenance                                       
                                                            Panelid  - TEN0169 
 Command  ===>                                              Userid   - TPXADMIN 
                                                            Termid   - A55TU027
  Userid:                 USER099                           Date     - 11/07/17
                                                            Time     - 17:28:58
                                                                               
 TPX User Administrator:        N        STX User Administrator:        N      
 TPX Master Administrator:       N       STX Master Administrator:       N     
 TPX System Administrator:       N       STX System Administrator:       N     
 TPX Operator Administrator:      N                                            
                                                                               
   Groups this User Administrator can modify:                                  
******************************** BOTTOM OF DATA *******************************

When you don't know the userid(s), the best way get a list of all users with to do this is via TPX batch extract and reporting.

Users have administrative authority when the values of these UINDEX variables are set to "Y":

  • UIDXCMST - Master Administrator 

  • UIDXCSYS - System Administrator 

  • UIDXCOPR - Operator Administrator 

  • UIDXCADM - User Administrator

EXAMPLE 1: Selecting on a single type of administrator authority

Here's a sample extract and report showing all admin authority for users that have master administrator authority. It also shows the other levels of authority these users have been granted.

     //BATCHADM EXEC TPXPROC,VNODE='*BATCH*'
     //EXTFILE  DD    UNIT=SYSDA,SPACE=(CYL,(1,1))
     //RPTFILE  DD    SYSOUT=*
     //*
     //SYSIN DD *
     C
     C  extract from USER records if user has Master Admin authority 
     C 
     EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCMST(Y)) 
     SET RTITLE1 ' ========  === ADMINISTRATOR AUTHORITY === '
     SET RTITLE2 '  USERID   MASTER   SYSTEM   OPER     USER'
     SET RTITLE3 ' ========  ======   ======   ====     ===='
     REPORT GIVING(RPTFILE) USING (EXTFILE)
           ((' &UIDXNAME' ' &UIDXCMST' '&UIDXCSYS' '&UIDXCOPR'
             '&UIDXCADM' ))
     
     
     ========  === ADMINISTRATOR AUTHORITY === 
      USERID   MASTER   SYSTEM   OPER     USER
     ========  ======   ======   ====     ====
     MASTADM   Y        Y        Y        Y   
     NVIADMIN  Y        Y        Y        Y   
     TPXADMIN  Y        Y        Y        Y   
     USER001   Y        Y        Y        Y   
     USER003   Y        Y        Y        Y   
     USER005   Y        Y        Y        Y   
     XXMASTER  Y        N        N        Y

EXAMPLE 2: Selecting users with multiple types of administrator authority

To list users that have multiple administrator authority, you can code all the variables to check within one EXRACT statement. For example, to list users that are both a master administrator AND a system administrator)

     //BATCHADM EXEC TPXPROC,VNODE='*BATCH*'
     //EXTFILE  DD    UNIT=SYSDA,SPACE=(CYL,(1,1))
     //RPTFILE  DD    SYSOUT=*
     //*
     //SYSIN DD *
     C 
     C  extract from USER records if user has Master AND System Admin 
     C 
     EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCMST(Y) UIDXCSYS(Y))
     SET RTITLE1 ' ========  === ADMINISTRATOR AUTHORITY === '
     SET RTITLE2 '  USERID   MASTER   SYSTEM   OPER     USER'
     SET RTITLE3 ' ========  ======   ======   ====     ===='
     REPORT GIVING(RPTFILE) USING (EXTFILE)
           ((' &UIDXNAME' ' &UIDXCMST' '&UIDXCSYS' '&UIDXCOPR'
             '&UIDXCADM' )) 
      
     ========  === ADMINISTRATOR AUTHORITY === 
      USERID   MASTER   SYSTEM   OPER     USER
     ========  ======   ======   ====     ====
     MASTADM   Y        Y        Y        Y   
     NVIADMIN  Y        Y        Y        Y   
     TPXADMIN  Y        Y        Y        Y   
     USER001   Y        Y        Y        Y   
     USER003   Y        Y        Y        Y   
     USER005   Y        Y        Y        Y   

EXAMPLE 3: Selecting users with any type of administrator authority

If you need to list users that have any administrator authority, but not necessarily more than one type, you need to code "OR" processing. This is not feasible within one EXTRACT statement. To achieve this you must code multiple EXTRACT statements with DISP=MOD on the EXTRACT DD statement.

     //BATCHADM EXEC TPXPROC,VNODE='*BATCH*'
     //EXTFILE  DD    UNIT=SYSDA,SPACE=(CYL,(1,1))
     //RPTFILE  DD    SYSOUT=*
     //*                                                              
     C  extract from USER records if user has any Admin authority 
     C                                                               
     EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCMST(Y))      
     EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCSYS(Y))      
     EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCOPR(Y))      
     EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCADM(Y))      
     SET RTITLE1 ' ========  === ADMINISTRATOR AUTHORITY === '       
     SET RTITLE2 '  USERID   MASTER   SYSTEM   OPER     USER'        
     SET RTITLE3 ' ========  ======   ======   ====     ===='        
     REPORT GIVING(RPTFILE) USING (EXTFILE)                          
           ((' &UIDXNAME' ' &UIDXCMST' '&UIDXCSYS' '&UIDXCOPR'       
             '&UIDXCADM' )) 
 
 
     ========  === ADMINISTRATOR AUTHORITY ===
      USERID   MASTER   SYSTEM   OPER     USER
     ========  ======   ======   ====     ====
     MASTADM   Y        Y        Y        Y   
     NVIADMIN  Y        Y        Y        Y   
     TPXADMIN  Y        Y        Y        Y   
     USER001   Y        Y        Y        Y   
     USER003   Y        Y        Y        Y   
     USER005   Y        Y        Y        Y   
     XXMASTER  Y        N        N        Y   
     MASTADM   Y        Y        Y        Y   
     NVIADMIN  Y        Y        Y        Y   
     TPXADMIN  Y        Y        Y        Y   
     USER001   Y        Y        Y        Y   
     USER002   N        Y        Y        Y   
     USER003   Y        Y        Y        Y   
     USER005   Y        Y        Y        Y   
     XXSYS     N        Y        N        Y   
     MASTADM   Y        Y        Y        Y   
     NVIADMIN  Y        Y        Y        Y   
     TPXADMIN  Y        Y        Y        Y   
     USER001   Y        Y        Y        Y   
     USER002   N        Y        Y        Y   
     USER003   Y        Y        Y        Y   
     USER005   Y        Y        Y        Y   
     XXOPER    N        N        Y        Y   
     MASTADM   Y        Y        Y        Y   
     NVIADMIN  Y        Y        Y        Y   
     TPXADMIN  Y        Y        Y        Y   
     USER001   Y        Y        Y        Y   
     USER002   N        Y        Y        Y   
     USER003   Y        Y        Y        Y   
     USER004   N        N        N        Y   
     USER005   Y        Y        Y        Y   
     XXMASTER  Y        N        N        Y   
     XXOPER    N        N        Y        Y   
     XXSYS     N        Y        N        Y   
     XXUSER    N        N        N        Y 

You will likely have noticed that userids have been repeated for each type of authority that they possess. To make this report more useful, this report output should be massaged to remove duplicate rows and present the userids in sorted order.

To remove duplicate rows, it will be necessary further process the report output to remove these duplicates. There are many variations on how this can be accomplished and this should be based upon the utilities available to you at your site. Here is just one way to accomplish this using CA-SORT:

  1. Step BATCHADM: The TPX batch job sends the RPTFILE to a catalogued dataset rather than SYSOUT. 

  2. Step SORT1: The first sort step captures the title lines. 

  3. Step SORT2: The second sort step skips the title lines, then sorts the remaining lines discarding any duplicate lines. 

  4. Step REPORT: The last step concatenates the titles and condensed report into one SYSOUT file.
    //BATCHADM EXEC TPXPROC,VNODE='*BATCH*'
    //EXTFILE  DD UNIT=SYSDA,SPACE=(CYL,(1,1))
    //RPTFILE  DD SYSOUT=*
    //RPTFILE  DD UNIT=SYSDA,SPACE=(CYL,(1,1)),DISP=(NEW,CATLG),
    //            DSN=userid.TPX.RPTFILE
    //SYSIN DD *
    C
    C  extract from USER records if user has any Admin authority
    C
    EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCMST(Y))
    EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCSYS(Y))
    EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCOPR(Y))
    EXTRACT GIVING(EXTFILE) USER AND NO SESSIONS (UIDXCADM(Y))
    SET RTITLE1 ' ========  === ADMINISTRATOR AUTHORITY === '
    SET RTITLE2 '  USERID   MASTER   SYSTEM   OPER     USER'
    SET RTITLE3 ' ========  ======   ======   ====     ===='
    REPORT GIVING(RPTFILE) USING (EXTFILE)
          ((' &UIDXNAME' ' &UIDXCMST' '&UIDXCSYS' '&UIDXCOPR'
            '&UIDXCADM' )) 
    /*
    //*********************************************************************/
    //SORT1   EXEC PGM=SORT,REGION=1024K
    //SYSOUT   DD SYSOUT=*
    //SYSUDUMP DD SYSOUT=A
    //SYSPUNCH DD SYSOUT=B
    //SYSPRINT DD SYSOUT=*
    //SORTIN   DD DSN=userid.TPX.RPTFILE,
    //            UNIT=SYSDA,
    //            DISP=SHR
    //SORTOUT  DD DSN=userid.TPX.RPTFILE.TITLES,
    //            UNIT=SYSDA,
    //            SPACE=(TRK,(1,1)),
    //            DISP=(NEW,CATLG)
    //SYSIN    DD *
       SORT    FIELDS=COPY,STOPAFT=3
    /*
    //*********************************************************************/
    //SORT2   EXEC PGM=SORT,REGION=1024K
    //SYSOUT   DD SYSOUT=*
    //SYSUDUMP DD SYSOUT=A
    //SYSPUNCH DD SYSOUT=B
    //SYSPRINT DD SYSOUT=*
    //SORTIN   DD DSN=userid.TPX.RPTFILE,
    //            UNIT=SYSDA,
    //            DISP=SHR
    //SORTOUT  DD DSN=userid.TPX.RPTFILE.BODY,
    //            UNIT=SYSDA,
    //            SPACE=(TRK,(1,1)),
    //            DISP=(NEW,CATLG)
    //SYSIN    DD *
       SORT    FIELDS=(1,40,AC,A),
                      SKIPREC=3,
                      FILSZ=50
       SUM     FIELDS=NONE
    /*
    //*********************************************************************/
    //REPORT   EXEC PGM=IEBGENER
    //SYSPRINT DD SYSOUT=*
    //SYSUT1 DD DISP=SHR,DSN=userid.TPX.RPTFILE.TITLES
    //       DD DISP=SHR,DSN=userid.TPX.RPTFILE.BODY
    //SYSUT2 DD SYSOUT=*
    //SYSUT3 DD UNIT=3390,SPACE=(CYL,(10))
    //SYSUT4 DD UNIT=3390,SPACE=(CYL,(10))
    //SYSIN  DD *
     GENERATE MAXFLDS=1
    //
     
     
    ========  === ADMINISTRATOR AUTHORITY === 
     USERID   MASTER   SYSTEM   OPER     USER
    ========  ======   ======   ====     ====
    MASTADM   Y        Y        Y        Y
    NVIADMIN  Y        Y        Y        Y
    TPXADMIN  Y        Y        Y        Y
    USER001   Y        Y        Y        Y
    USER002   N        Y        Y        Y
    USER003   Y        Y        Y        Y
    USER004   N        N        N        Y
    USER005   Y        Y        Y        Y
    XXMASTER  Y        N        N        Y
    XXOPER    N        N        Y        Y
    XXSYS     N        Y        N        Y
    XXUSER    N        N        N        Y