How do you run the ACFRPTXR-The Cross-Reference Report in batch? Is there sample JCL?

Document ID : KB000025092
Last Modified Date : 09/05/2018
Show Technical Document Details
Question:

How do you run the ACFRPTXR-The Cross-Reference Report in batch? Is there sample JCL?

 

 

Answer:

ACFRPTXR determines who has access to a specified data set or resource, based on standard eTrust CA-ACF2 security controls. CA ACF2 provides a sample report named REPORTS in ACF2.SAMPJCL - this JCL will run ACFRPTPP (preprocessor) and then many of the standard report programs including the ACFRPTXR report. It does not provide simple JCL to only run one report program.

The ACFRPTXR report parameters can be specified using one of these methods:

The PARM parameter of the EXEC statement in the JCL or the SYSIN DD.

The ACFRPTXR report uses standard CA-ACF2 report JCL for batch submission as shown in the following two examples.

The following examples:

Example 1 Using PARM statement for report parameters.

//REPORT  EXEC PGM=ACFRPTXR,PARM=('TITLE(SAMPLE ACFRPTXR)',    
//       'ACF2,DSET,LIDNAME')                              
//SYSPRINT DD SYSOUT=*
//SYSUT1   DD UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=5  
//SYSUT2   DD UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=5
//SYSDSLST  DD  *           
SYS1.PARMLIB
SYS1.PROCLIB

Example 2 Using SYSIN file for Dataset report parameters.

//REPORT  EXEC PGM=ACFRPTXR                                   
//SYSPRINT DD SYSOUT=*
//SYSUT1   DD UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=5  
//SYSUT2   DD UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=5
//SYSDSLST  DD  *           
SYS1.PARMLIB
SYS1.PROCLIB                         
//SYSIN    DD   *                                             
TITLE(SAMPLE DATASET ACFRPTXR)                                        
ACF2
DSET                                                        
LIDNAME                                                
//*

Example 3 Using SYSIN file for Resource report parameters.

//REPORT  EXEC PGM=ACFRPTXR                                   
//SYSPRINT DD SYSOUT=*
//SYSUT1   DD UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=5  
//SYSUT2   DD UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=5
//SYSIN    DD   *                                             
TITLE(SAMPLE RESOURCE ACFRPTXR)                                        
ACF2                                                           
RSRC                                                           
TYPE(FAC)                                                      
NAME(BPX.CONSOLE)                                              
LIDNAME                                                        
CLASS(R)                                               
//*

Example 4 Using SYSIN file for Resource report parameters for multiple Resource Keys.

//REPORT EXEC PGM=ACFRPTXR,REGION=0M                         
//SYSPRINT DD SYSOUT=*                                       
//SYSUT1 DD   UNIT=SYSDA,SPACE=(CYL,(100,100)) DCB=BUFNO=30  
//SYSUT2 DD   UNIT=SYSDA,SPACE=(CYL,(500,500)),DCB=BUFNO=30  
//SYSRSLST  DD  *,DCB=BLKSIZE=80                             
TYPE(ITP) NAME(CDA)                                          
TYPE(ITP) NAME(TRAN2)   
TYPE(ITP) NAME(TRAN3)                                     
//SYSIN DD *                                                 
ACF2                                                         
RSRC                                                         
CLASS(R)                                                     
LID                                                          
LIDNAME                                                      
NEXTKEY                                                      
//*         

ACFRPTXR JCL Parameters
{ACF2|NOACF2}
Specification of this parameter is required.
ACF2 specifies that ACFRPTXR use the online eTrust CA-ACF2 clusters.
NOACF2 specifies that the report is based on alternate databases provided by the RULES, LOGONIDS, or INFOSTG input files.

[DSET|RSRC] DSET specifies that ACFRPTXR process data set access rules. The DSN, RKEY, and VOL input parameters might be provided using the JCL parameter field or the SYSDSLST input file. See also the DSN, RKEY, and VOL parameters in the following.
RSRC specifies that ACFRPTXR process resource rule sets and eTrust CAACF2 for DB2 rule sets. The TYPE, NAME, and CLASS input parameters might be provided through either the JCL parameter field or the SYSRSLST input file. See also the TYPE, NAME, and CLASS parameters in the following.

[DSN(dsn)]
Specifies that ACFRPTXR use a single data set name without the need for the SYSDSLST file.

[LID|NOLID]
LID indicates that ACFRPTXR is to create a cross-reference report and list all of the logonids that have access to the specified data set or resource.
NOLID suppresses the listing of logonids. Only the applicable rule sets are listed.

[LIDNAME]
Produces a combined list of all logonids and their complete logonid name that have access to the specified data set or resource. LIDNAME is only active when LID is specified. When LIDNAME is not specified in the parameter list , the condensed list of the LIDs is produced.

[NAME(name)]
Specifies the name of the resource processed. NAME is valid only when used with the RSRC, TYPE, CLASS parameters.

[RKEY(rule-key)]
Specifies this parameter is valid only when the DSET parameter is also specified. RKEY has two uses:

  • RKEY is used with the DSN parameter to specify the key of the rule set used to validate the data set access.
  • RKEY is used with a DSN parameter of dash (-) when you want to list all the rule entries for a particular key.

[RRSUM|NORRSUM]
Specifies that the additional Rule Record Summary portion of ACFRPTXR is produced at the end of the report.

[CLASS(R|class)]
Specifies the one-character storage class code of the resource processed. The default code is R (for resource rules).

[TYPE(type)]
Specifies the three-character resource type processed. TYPE is valid only when the RSRC and NAME parameters are also specified.

[VOL(volser)]
Specifies the volume serial number of the volume where the data set resides. If no volume serial is specified, all volume information in the access rule set is ignored (volume masks specified in the rules are all considered as matches).

DD statements
RECxxxxx
These ddnames identify the files containing the input SMF records. ACFRPTXR accepts one SMF input file per ddname. Do not concatenate SMF input files.

SYSPRINT
ACFRPTXR uses the SYSPRINT file for message and summary report output.

SYSDSLST
SYSDSLST is an optional file used to specify a list of data set names processed by ACFRPTXR. This file is used only when the DSET input parameter is selected. Operation of ACFRPTXR for a single data set is specified in the JCL parameter field. If the DSN parameter is not specified on the JCL parameter field, ACFRPTXR expects to process the SYSDSLST input file. With this facility, you can process a list of multiple data set names. This type of processing is useful when all the data sets in the system are requested. Large volume requests should not be done online. The format of the SYSDSLST input statement is:

dsn [vol] RKEY(rule-key)

SYSRSLST
SYSRSLST is an optional file that specifies a list of resource names. The SYSRSLST file is valid only when used with the RSRC input parameter. If only one resource name is processed, specify the resource in the TYPE, NAME, and CLASS parameter fields. The format of SYSRSLST input is as follows:

TYPE(type) NAME(name) [CLASS(R|class)]

SYSUT1
This is one of two scratch files required by ACFRPTXR.

SYSUT2
Scratch file that stores the decompiled rule sets for ACFRPTXR.

LOGONIDS
The LOGONIDS file is used to direct ACFRPTXR to use the current online eTrust CA-ACF2 databases to make determinations.

RULES
The RULES file is used with the LOGONIDS file to have ACFRPTXR operate on historical data.

INFOSTG
The INFOSTG file is used with the LOGONIDS file and directs ACFRPTXR to operate on historical data.

 Additional Information: 

Details on the ACFRPTXR report and all available parameters can be found in section "ACFRPTXR-The Cross-Reference Report" of the CA ACF2™ for z/OS - 16.0 documentation.