Most installation have security reports which reports on dataset access violations by users. In client sites, one has to be extremely careful not to receive such violations, as someone from the higher management would be questioned as to why a particular violation happened. In most cases, we do not know if we have or do not have access to a particular dataset. We usually try to browse the dataset and when we get an ICH408I message or system abend S913, we realize that we do not have access to the dataset. But this would be too late and we would have left our fingerprints in system logs and/or SMF.
The below simple REXX, which canbe used to verify if you have access to a particular dataset. It issues LISTDSD TSO command against the dataset and lets the user know if he/she has access to the dataset. Additionally, it also lets him/her know what kind of access he/she has and as a bonus, it provides the information about the RACF profile which protects the dataset (This is applicable only if the user has some access to the dataset).Note: This REXX caters to only RACF as a security product. If your site uses Top-Secret or ACF2, this REXX will not work.
/* Rexx */
/*- Find access to a dataset. -*/
say 'Enter dataset name'
PULL idsn
idsn = strip(idsn)
idsn="'"||strip(idsn,'B',"'")||"'"
access='NONE'
x=outtrap('var1.')
"listdsd da("idsn") auth"
x=outtrap('off')
If var1.0 > 1 Then
access=word(var1.17,1)
Else Do
drop var1.
x=outtrap('var1.')
"listdsd da("idsn") gen auth"
x=outtrap('off')
If var1.0>1 Then
access=word(var1.17,1)
End
if access == 'NONE' then
msg="User has '"||access||"' to the dataset " idsn
else
msg="User has '"||access||"' to the dataset " idsn "Profile ",
"'"||word(var1.1,4)||"' "||word(var1.1,5)
say msg
Exit
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.