zSecure CARLa Videos
zSecure CARLa Videos Courses:
This command shows profile information that is stored in several application segments of a RACF profile in a single output line of a CARLa report.
- With the standard IBM Security zSecure Admin panels, you can list profiles based on values that the BASE or other application segments store. It is even supported to report the information from multiple segments.
- However, in the zSecure ISPF interface or when you use the Print format, this information is shown in separate reports (ISPF) or report lines (Print format).
- For example, what if you decide to generate a user ID overview that shows the user name, default group, revoke status, TSO region size, and assigned UID value. This example means that you must extract information from the BASE, TSO, and OMVS segments simultaneously.
This program shows the user IDs that have system-wide privileges which includes:
- SPECIAL, OPERATIONS
- Understand how to generate a report that compares RACF databases which had user profiles that were added or deleted
Use the COMPAREOPT function to compare records from multiple information sources with each other.
The supported information sources are:
- CKFREEZE data sets
- UNLOAD data sets
- RACF databases
The following CARLa program shows the password interval for all existing user IDs.
With regards to the password interval, two settings exist that are of particular interest to most auditors:
- User IDs that are assigned the PROTECTED attribute do not have a password interval
- Some user IDs might be assigned a password value that never expires. In that case, users can use the same password value infinitely. For these user IDs, by default, the password interval is reported as 255. The value 255 means that a user must never change their password value.
- Know how to compare profiles from two RACF information sources
This program let you retrieve information about the owner of a
resource profile from the user or group that owns the pertinent profile.
This program shows you how to customize the standard zSecure compare IDs report to include more than the supported four user IDs or groups in the ISPF panel.
Shows you how to generate a report that shows all dataset profiles that start with a user ID and allow access through UACC or ID(*).
You will learn how to generate commands to change the
TSO segments of multiple user IDs. This way, you can perform mass
updates to the RACF database.
This program lets you identify whether resource profiles exist that contain ACL entries where the permitted access level is equal to the UACC level that is set for that resource profile.
With IBM Security zSecure Admin option RA.4, you can run mass updates to the RACF database. The Mass update feature supports the following for RACF profiles:
- mass copy
- mass delete
- mass recreates
This program reports the effective access that is defined to resources that are RACLISTed.
This course details how to report all RACF commands that are issued during a certain timeslot that the SMF data sets cover.
This course provides details on how to prevent OPERATIONS users from accessing system sensitive data sets using the zSecure CARLa auditing and reporting language.
You can prevent OPERATIONS user IDs from accessing your sensitive resources as follows:
Create an additional RACF group profile (for example, OPSATTR).
Connect all user IDs that have the OPERATIONS or GROUPOPERATIONS
attribute to this OPSATTR group. A CARLa program to assist you with this
task is shown in this course.
- Permit the defined and populated group to the access control list of all sensitive resource profiles with an access level of “NONE”.
It is suggested to run this next CARLa program on a regular basis through your job scheduler (for example, Tivoli Workload Scheduler). That procedure ensures that this suggested OPERATIONS control is automatically enforced and maintained.
The purpose of this example is to show the use of the OPERATIONS
attribute by user IDs that are assigned the OPERATIONS attribute.
This course shows you how to produce a report from system management facility (SMF) records showing attempts to access resources as UNIX superuser.
This program allows you to find resource profiles where the universal access defined allows update or higher access.
This program lets you generate a set of USS commands to apply against a set of USS files.
This program lets you generate RACF commands that automatically convert access to resources through UACC settings that exceed NONE to a permit to ID(*).
This course details how to produce a report of all user IDs per default group that has two or more user IDs assigned to their name.
This courses explains how to produce statistics about the number of
user IDs that have update access to one or more APF-authorized
- You can use zSecure Audit to produce a detailed listing of all users with access to an APF-authorized library
This course shows you how to produce a report of all user IDs per default group that has two or more user IDs assigned to their name.
With the SUMMARY statement, the CARLa programming language supports a range of statistical functions.
- You can use these functions to enhance your reports with extra statistical information or generated summary overviews.
- You can use DEFINE statements with functions such as MAXIMUM, MINIMUM, AVERAGE, FREQUENCY, and more to create all kinds of statistics.
This course shows you how to generate a report that shows all resources that have permissions directly to a user ID.