Idea Details

CA CLEANUP to include the ACCESS request

Last activity 05-29-2019 05:12 PM
jay.a.paulson's profile image
12-30-2015 09:15 AM

Ehnance CA Cleanup to also include the ACCESS level of a request.

If there are two permissions for the same resource (but with different access levels) CA-Cleanup just reports the resource name so you don't know which permission was used.

DATASET(DSN.ONE.TEST) ACCESS(READ)

DATASET(DSN.ONE.TEST)  ACCESS(ALL)


Comments

07-06-2017 09:44 AM

Hi, We would also find access levels and prvpgm very useful.

We use cleanup data extensively and export a slightly reformatted version of the full report to a copy of Splunk every week.

Users find this much more easy to manipulate as they can query the data dynamically with simple search commands.

This also means that graphic visualisations of  ages of permissions for groups is very easy to do for an end user.

The weekly data is only about 30mb so is even usable in the free version of splunk.
Happy to share if anyone else has an interest in doing this.

01-12-2017 06:14 AM

  • As I understand it, this Ideation requests that access levels are included in Cleanup reports, in particular to distinguish usage for two permissions for the same resource with different access levels.  I would go further to suggest that other restrictions, such as PRIVPGM, are also included in the reports.  That would further help to distinguish different permissions for the same resource. 
  • In the previous comments, SYSIN parameter FILTERING(EXTENSIVE) was suggested.  However when I tried this parameter, the report was essentially the same: no access levels were shown (perhaps I am missing something). 
  • Taking the example above, running a report using program AT6#RPT, with parameter UNREF=ALL and an INCLUDE for profile PROFILE1, the output was essentially as follows, regardless of whether the SYSIN parameter was FILTERING(EXTENSIVE) or FILTERING(GENERAL):        

                      Date       Date           Days  Item     Item

          Userid  Loaded  Referenced Unused Class    Name

          -------- ------  ---------- ------ -------- ------------------------

PROFILE1 16.045      .       333   DATASET  DSN.ONE.TEST

PROFILE1 16.045    17.011    001   DATASET  DSN.ONE.TEST

 

What I would like to see in the report, would be extra columns covering access and restrictions, for example:     

   

                      Date       Date           Days      Item     Item                            Item     Item

         Userid  Loaded  Referenced Unused Class    Name                         Access   Restrictions

         -------- ------  ---------- ------ -------- -------------------------   -------  ------------

PROFILE1 16.045      .       333   DATASET  DSN.ONE.TEST        UPDATE   PRIVPGM(IEBCOPY)

PROFILE1 16.045    17.011    001   DATASET  DSN.ONE.TEST   READ

        

Such additional reporting would make the CA-Cleanup product more useful.

05-20-2016 11:41 AM

EXTENSIVE Filtering

Last update March 3, 2015

 

Previously, when multiple PERMITs exist for the same resource and each has different conditions, such as ACCESS, PRIVPGM, LIBRARY or SYSID, each PERMIT is tracked, but the duplicates are dropped during the report processing. PERMITs that should be deleted may not be, as they are not reported on or getting REMOVE statements generated for them. Conversely, PERMITs that should be retained may be REMOVEd in error if a near-duplicate has been reported.

A new SYSIN option, FILTERING(EXTENSIVE|GENERAL), resolves this issue by enhancing the thoroughness of CA Cleanup processing, ensuring complete correlation between the PERMITs in the DB Tracking and the CFILE records.

Note: With this enhancement, the #RPT logic that compares DB records now considers more detail, such that what appears to be duplicate records may exist in the SYSTPRINT output, but the level of detail in that report does not show that they are not, in fact, duplicates. This can occur even if the new option is not specified.

PTF RO45306 - r12.0

PTF RO44000 - r12.1

 

 

 

01-12-2016 10:41 AM

I think a  FILTERING(EXTENSIVE) Report will show you, which permission was used (or unused)