Top Secret

Hello TSS-Community!

We have the need to query permissions of an acid, which were valid at en earlier date.

For example, I would like to know the set of permissions (profiles/attributes etc.) of acid 'xyz', which had been valid on March, 17, 2015; did such an acid exist at this date?

Any hints for a simple, effective implementation to enable such historical queries or researches would be highly appreciated.

Josef,

What you are asking for could be accomplished by using data collected in the ADMACCOUNT and ADMPOLICY tables by CA Compliance Manager.

However, a parsing utility would have to be developed which would parse the TSS commands and record the data, along with timestamps, in a set of DB2 tables, which could then be queried.

It is a great idea, but would require a great deal of development time and effort.

I am not certain that we would want CA Technologies to redirect limited development resources for the creation of such a report utility.

However, if there is sufficient interest, a third party developer might well be willing to take up the challenge.

John P. Baker

Josef,

A limited amount of information is available by looking at the ADMINBY field on permits.  You could also offload a copy of the TSS Recovery File and keep that in a weekly/monthly GDG.  It won't help you now, but it would in the future.  We do something like this now:

Step1: //TSSAUDI EXEC PGM=TSSAUDIT

           //AUDITIN DD *

          CHANGES DATE(-01)

Step2: SAS or SORT step to generate a report.  You could also just use ISPF VIEW to do adhoc queries on the TSSAUDIT output GDG.

Hope this helps.

- Don

Josef,

I have marked this assumed answered because it looks like you got some useful feedback here. If you'd like me to unmark it as such, please let me know and I'd be happy to do so!