TSO CLIST LISTRP TSO CLIST LISTRP Author: IBM (modifications D.McRitchie) formatted on 04/01/95 06:54 for assistance contact: D. McRitchie DMcRitchie@hotmail.com -------------------------------------------------------------------------------- CLIST NAME. LISTRP users. Any Tso user type. TSO clist resides in SYS1.TSOCLIST -------------------------------------------------------------------------------- Page $USERS-1 SYSTECH NOTICE -- CLISTS -------------------------------------------------------------------------------- LISTRP List RACF protection -- %LISTRP -------------------------------------------------------------------------------- related *---------------------* -------------------------------------------------------------------------------- syntax - ==> TSO LISTRP required parameters - none Options: - ..... choice of datasets -- default PREFIX(userid) ..... DATASET( ) specifies a partially qualified data set name for which you want to find the related RACF profile. Either your prefix or your specied PREFIX() will be used as the high-level qualifier. Usages as in LISTC ENT(LIBR.TEXT) if your own prefix is being used. PREFIX( ) specifies a high-level qualifier for which you want to find all the datasets and the related RACF profiles. If the dataset operand is also specified, then the prefix is used to qualify the dataset name. E( ) fully qualified dsname entry, may contain * as in LISTC ENT('userid.LIBR.TEXT'). L( ) Dsname level to be used, as in LISTC LVL(userid.LIBR). Q( ) fully qualified dataset name w/o quotes. as in LISTC ENT('userid.LIBR.TEXT'). (Options E(), L(), Q(), added by D.McRitchie) ..... additional option choices ...... DISPLAY requests that profile information be displayed. The default is no display. TERSE (subject to later revision or removal of this option). This option will limit the report to actual information without the frills in how the report was produced. Examples: You may try out the following examples. Once LISTRP has been issued you may hit the ATTN key at anytime to terminate the clist should you not wish to continue. ===> LISTRP for user's own datasets. ===> TSOTRAP LISTRP Output is placed into a dataset which is edited; otherwise, same as above. ===> LISTRP dataset(libr.cntl) limit to only your prefix.LIBR.CNTL ===> LISTRP dataset(ispf.profile) limit to your prefix.ISPF.PROFILE ===> LISTRP dataset(share.text) DISPLAY Display profile information for your own userid.SHARE.TEXT. ===> LISTRP E(is03.*.text) DISPLAY Display profile information for the datasets listed by LISTC ENT('is03.*.text'). ===> LISTRP L(is03.LIBR) DISPLAY Display profile information for the datasets listed by LISTC LVL('is03.LIBR'). ===> LISTRP Q(is03.share.text) DISPLAY Display profile information for the fully qualified dsname of IS03.SHARE.TEXT. -------------------------------------------------------------------------------- List RACF protection - %LISTRP Clist supplied by IBM modified to support a Q(fully.qualified) option The purpose of this clist is to demonstrate a method of combining catalog sup- port (IDCAMS) and the RACF search command to report on what data set(s) are pro- tected by what RACF generic and discrete profiles. This clist invokes the RACF search command with the clist option. If you have an 'userid.exec.RACF.clist' data set, it will be deleted by this clist. The re- sults that you get will only be valid for datasets that you have access to. There are of course some exceptions, namely the RACF administration (and the those with the special, or audit attribute) who can probably see all relevant information for any dataset. Consider running this clist in batch under the TMP when large numbers of pro- files and/or dataset names or catalog entries are involved. This clist is an example only and is not supported in any way . It is probable that modifications to this clist will be necessary before it could be considered useful in any particular installation. As written, this clist provides the following function. 1. If a prefix is specified via the prefix operand, then the prefix is used to qualify the RACF profiles and dataset names for the profile search and the catalog search. 2. If a data set name is specified via the dataset operand, then it reports which of the profiles under 'prefix' protects the data set. 3. If you specify no operands, then all your cataloged data set are matched to the profiles that cover them. Generic profiles for RACF protection Profile characters Reference: RACF Command Language Reference SC28-0733 Generic profiles must not contain a generic profile character for the highest level node. In other words the generic profile characters *,**, or % many be used in the highest level qualifier. * Indicates that any number of characters may complete the node and if at the end any number of characters and/or nodes will qualify from the ending *. ** Not valid at our site because EGN is not in effect, if EGN were in ef- fect the meaning of * would be changed. .** protects The use of ** can only be specified as .** and means 0 or more qualifiers and may be used only once with a profile. % Indicates that from this point any characters could be used Examples with an asterisk at the end Profile.: AB.CD* protects.: AB.CD AB.CDEF AB.CD.EF AB.CD.XX AB.CD.EF.GH unprotected.: ABC.DEF ABC.XY.XY.DEF Profile.: AB.CD.* protects.: AB.CD.EF AB.CD.XY AB.CD.EF.GH unprotected.: AB.CD AB.CDEF ABC.DEF AB.XY.XY.DEF Examples with an asterisk or % in the middle Profile.: ABC.%EF protects.: ABC.DEF ABC.XEF unprotected.: ABC.DEFGHI ABC.DEF.GHI ABC.DDEF Profile.: AB.*.CD protects.: AB.CD.CD unprotected.: AB.CD AB.CDEF ABC.DEF AB.XY.XY.DEF Profile.: AB.CD*.EF protects.: AB.CDEF.EF AB.CDE.EF unprotected.: AB.CD.XY.EF LISTRP -- examples of results -------------------------------------------------------------------------------- The following examples were created with TSOTRAP to place the results into a dataset for easier examination. ===> TSO TSOTRAP LISTRP E(IS03.*.TEXT) ===> TSO TSOTRAP LISTRP Q(IS03.SHARE.TEXT) -------------------------------------------------------------------------------- YOU ISSUED THE FOLLOWING COMMAND: ===> TSO LISTRP E(IS03.*.TEXT) Commands issued by LISTRP and merged to create the LISTRP listing LISTC ENT('IS03.*.TEXT') SEARCH MASK(IS03.) LD DATASET('dataset') AUTH -for possibly unprotected ================================================================ PROFILE ==> IS03.LIBR.TEXT PROTECTS THE FOLLOWING CATALOGED DATA SET(S) DATA SET ====> IS03.LIBR.TEXT PROFILE ==> IS03.LIBR2.TEXT PROTECTS THE FOLLOWING CATALOGED DATA SET(S) DATA SET ====> IS03.LIBR2.TEXT PROFILE ==> IS03.LIBR3.TEXT PROTECTS THE FOLLOWING CATALOGED DATA SET(S) DATA SET ====> IS03.LIBR3.TEXT PROFILE ==> IS03.PUBLIC.* PROTECTS THE FOLLOWING CATALOGED DATA SET(S) DATA SET ====> IS03.PUBLIC.TEXT PROFILE ==> IS03.SHARE.TEXT PROTECTS THE FOLLOWING CATALOGED DATA SET(S) DATA SET ====> IS03.SHARE.TEXT THE FOLLOWING DATA SET(S) ARE NOT RACF PROTECTED OR NOT ACCESSIBLE BY YOU. ICH35003I NO RACF DESCRIPTION FOUND FOR IS03.CANADA.TEXT ICH35003I NO RACF DESCRIPTION FOUND FOR IS03.TSOF.TEXT CONCERNING THE POSSIBLY UNPROTECTED DATASETS... OF 2 DATASETS HAVE LOOKED AT 2 DATASETS AND 0 OF THOSE WERE RACF PROTECTED. 2 CHECKED FOR LEVEL MATCHES, FIRST LISTRP COMPLETED -- LISTRP E(IS03.*.TEXT) PROCESSED 24 OF 24 RECORDS IN PROFILE PROCESSED 5 OF 7 RECORDS FROM LISTCAT LISTRP -- BEGAN 02/01/93 11:29:28 -- ENDED 02/01/93 11:29:32 -------------------------------------------------------------------------------- YOU ISSUED THE FOLLOWING COMMAND: ===> TSO LISTRP Q(IS03.SHARE.TEXT) Commands issued by LISTRP and merged to create the LISTRP listing LISTC ENT('IS03.SHARE.TEXT') SEARCH MASK(IS03.) LD DATASET('dataset') AUTH -for possibly unprotected ================================================================ CATALOGED DATA SET ==> IS03.SHARE.TEXT PROTECTED BY PROFILE ==> IS03.SHARE.TEXT UNAFFECTED BY ... ==> IS03.SHARE.* INFORMATION FOR DATASET IS03.SHARE.TEXT (G) (although shown as information for dataset it really is for a profile) LEVEL OWNER UNIVERSAL ACCESS WARNING ERASE ----- -------- ---------------- ------- ----- 00 IS03 READ NO NO AUDITING -------- NONE NOTIFY -------- NO USER TO BE NOTIFIED YOUR ACCESS CREATION GROUP DATASET TYPE ----------- -------------- ------------ ALTER SYSTECH NON-VSAM NO INSTALLATION DATA SECURITY LEVEL ------------------------------------------ NO SECURITY LEVEL CATEGORIES ---------- NO CATEGORIES SECLABEL -------- NO SECLABEL ID ACCESS -------- ------- SYSTECH ALTER ID ACCESS CLASS ENTITY NAME -------- ------- -------- --------------------------------------- NO ENTRIES IN CONDITIONAL ACCESS LIST Documentation and internals To give you an idea of what is actually being combined from a LISTCAT and LISTDSD by the clist, you might try the following: ===> TSO LD dataset(LIBR.*) ===> TSO LISTC LEVEL(userid.LIBR) For more information on these two commands you may enter: ===> TSO TSOTRAP HELP LISTC ===> TSO TSOTRAP HELP LD The CIS Newsletter and it's predecessor the Mytown Information Center News contain some articles that may be of interest. Dec '88, Helpful Hits for TSO users -- RACF, by Marcia Hoffman. The RACF document mentioned, if still distributed, would now be available from Gloria Cevallos. Also check with the RACF Administration, for usage documentation that they may provide. Documentation for many of the Our Company clists is viewable online as is this document which you are now reading. ===> TSO CLIST LISTRP HELP ===> TSO CLIST LISTRP HELP EDIT Because the LISTRP clist is marked as copyright IBM, the modified version will not be included off site. The enhancements that will not be included include: Note -- have reworked code to add the following options Q(), E(), L(), IGNORE(), and TERSE. allowing anyone to use this clist in a normal fashion. Formatted document online ===> TSO CLIST LISTRP HELP Source for documentation -- IS03.SHARE.TEXT(LISTRP)