The ACFRPTDS report includes PDS member names for batch jobs. How can the ACF2 ACFRPTDS report be run to log access to a specific PDS member that is accessed through ISPF?
ACF2 PDS member level protection provides member level security for both batch and ISPF PDS accesses that can be reported on by the ACFRPTRV report.
IEBCOPY from ISPF 3.3 or batch will not cause an SMF record to be cut with the member name. The member name will only be picked up when dsn(member) is specified explicitly in the JCL, for example:
//MYDD DD DISP=SHR,DSN=SAMPLE.LOAD(PRGM1)
If a site utilizes ACF2 PDS member level protection all accesses to the PDS member name can be tracked.
For example member access to the SYS1.PROCLIB PDS can be tracked (logged) as follows.
Compile and store a rule to log all access to SYS1.PROCLIB secured under resource TYPE(PDS):
Add the TYPE(PDS) to the GSO INFODIR and issue the REFRESH and REBUILD commands:
CHANGE INFODIR TYPES(RRPDS) ADD
Turn on PDS member level protection for SYS1.PROCLIB:
INSERT PDS.proc1 LIBRARY(SYS1.PROCLIB) RSRCTYPE(PDS)
Sample ACFRPTRV report showing access to member "MEMBER" in SYS1.PROCLIB by USER001:
RPDS-MEMBER LOG RPDS-********
USER001 Z99LO999 SYS1 ACF9CFAT RULE - DIRECTRY READ
09.335 12/01 14.13 USER001 USER001 TEST USER 0 0 4 0 4
SAF RESOURCE CLASS PDS
RESOURCE NAME: MEMBER
Details on PDS member level protection can be found in "Appendix D: Implementing Member-Level Protection)" in the CA ACF2 for z/OS Administrator Guide.