Use the COMPAREOPT function to compare records from multiple information sources with each other.

The supported information sources are:

• CKFREEZE data sets
• UNLOAD data sets
• RACF databases
  

This course explains how to use CARLa to run automated compliance checks that verify whether your system is compliant to supported security standards.

In the zSecure interface, you find the rule-based compliance evaluation feature on the AU.R, for Audit Compliance, panel.

Duration: 15 minutes

This program let you retrieve information about the owner of a resource profile from the user or group that owns the pertinent profile.

This program shows you how to customize the standard zSecure compare IDs report to include more than the supported four user IDs or groups in the ISPF panel.

Objective

• Know how to  compare profiles from two RACF information sources

Duration

15 minutes

Objective

• Understand how to generate a report that compares RACF databases which had user profiles that were added or deleted

Duration

15 minutes

This program lets you generate RACF commands that automatically convert access to resources through UACC settings that exceed NONE to a permit to ID(*).

This course details how to delete those user IDs that are inactive for a long period of time. 

{GENERICO:type="hints",style="Tip",text="After the revocation of the inactive user IDs, it is suggested you consider a contingency period from the time of revocation to the time of actual deletion."}{GENERICO:type="hints_end"}

Duration: 15 minutes

 This program lets you identify whether resource profiles exist that contain ACL entries where the permitted access level is equal to the UACC level that is set for that resource profile.

This program allows you to find resource profiles where the universal access defined allows update or higher access.

This course details how to produce a report of all user IDs per default group that has two or more user IDs assigned to their name.

This course explains how to build a watchdog CARLa program that verifies that the most vital general resource classes on your z/OS system are active.

Duration: 15 minutes

This course describes how to build a watchdog CARLa program that verifies that no started task is defined on your system that is assigned the PRIVILEGED attribute.

Duration: 15 minutes

You will learn how to generate commands to change the TSO segments of multiple user IDs. This way, you can perform mass updates to the RACF database.

 This program lets you generate a set of USS commands to apply against a set of USS files.

This course explains how to generate a report about profiles that general resource class XFACILIT stores and includes some XFACILIT class settings from the Class Descriptor Table (CDT).

Duration: 15 minutes

The purpose of this example is to show the use of the OPERATIONS attribute by user IDs that are assigned the OPERATIONS attribute.

 With IBM Security zSecure Admin option RA.4, you can run mass updates to the RACF database. The Mass update feature supports the following for RACF profiles:

• mass copy
• mass delete
• mass recreates

This course provides details on how to prevent OPERATIONS users from accessing system sensitive data sets using the zSecure CARLa auditing and reporting language.

You can prevent OPERATIONS user IDs from accessing your sensitive resources as follows:

1. Create an additional RACF group profile (for example, OPSATTR).
    
2. Connect all user IDs that have the OPERATIONS or GROUPOPERATIONS attribute to this OPSATTR group. A CARLa program to assist you with this task is shown in this course.
    
3. Permit the defined and populated group to the access control list of all sensitive resource profiles with an access level of “NONE”.

It is suggested to run this next CARLa program on a regular basis through your job scheduler (for example, Tivoli Workload Scheduler). That procedure ensures that this suggested OPERATIONS control is automatically enforced and maintained.

This course shows you how to produce a report from system management facility (SMF) records showing attempts to access resources as UNIX superuser.

This course shows you how to generate a report that shows all resources that have permissions directly to a user ID.

This course shows you how to produce a report of all user IDs per default group that has two or more user IDs assigned to their name.

With the SUMMARY statement, the CARLa programming language supports a range of statistical functions.

• You can use these functions to enhance your reports with extra statistical information or generated summary overviews.
  
• You can use DEFINE statements with functions such as MAXIMUM, MINIMUM, AVERAGE, FREQUENCY, and more to create all kinds of statistics.
  

This courses explains how to produce statistics about the number of user IDs that have update access to one or more APF-authorized libraries.

• You can use zSecure Audit to produce a detailed listing of all users with access to an APF-authorized library
  

Objective

Shows you how to generate a report that shows all dataset profiles that start with a user ID and allow access through UACC or ID(*).

Duration

15 minutes

This program shows the user IDs that have system-wide privileges which includes:

• SPECIAL, OPERATIONS
• AUDITOR
• ROAUDIT

This course shows you how to report UNIX System Services (USS) files and directories that store extended Access Control List (ACL) entries for RACF IDs that no longer exist in the RACF database.

Duration: 15 minutes

This document explains how to create reports on user ID inactivity using zSecure CARLa.

Duration: 15 minutes

This course details how to create a report on user IDs with custom fields.

RACF supports the definition of custom fields and storing values for them in the CSDATA segment of user and group profiles.

Before you can use custom fields, the fields must first be defined in the CFIELD resource class.

The detailed characteristics of the custom fields are defined in the CFDEF segment of the corresponding CFIELD profiles.

Duration: 15 minutes

The following CARLa program shows the password interval for all existing user IDs.

With regards to the password interval, two settings exist that are of particular interest to most auditors:

• User IDs that are assigned the PROTECTED attribute do not have a password interval
  
• Some user IDs might be assigned a password value that never expires. In that case, users can use the same password value infinitely. For these user IDs, by default, the password interval is reported as 255. The value 255 means that a user must never change their password value. 
  

This program reports the effective access that is defined to resources that are RACLISTed.

This command shows profile information that is stored in several application segments of a RACF profile in a single output line of a CARLa report.

• With the standard IBM Security zSecure Admin panels, you can list profiles based on values that the BASE or other application segments store. It is even supported to report the information from multiple segments.
  
• However, in the zSecure ISPF interface or when you use the Print format, this information is shown in separate reports (ISPF) or report lines (Print format).
  
• For example, what if you decide to generate a user ID overview that shows the user name, default group, revoke status, TSO region size, and assigned UID value. This example means that you must extract information from the BASE, TSO, and OMVS segments simultaneously. 

This course details how to generate a scope report for a user that shows permissions to profiles that are defined in resource classes that, according to the Class Descriptor Table (CDT) settings, are inactive.

Duration: 15 minutes

This course details how to report all RACF commands that are issued during a certain timeslot that the SMF data sets cover.