RACF Utilities HTML readme file.

 

1. Overview of utilities
2. Release Notes
3. Quick Reference
4. More detailed notes on each utility
5. Sample JCL used to obtain input data
6. RACF.INI Details


1. Overview of utilities

The idea of these utilities is to take a flat file download from the mainframe onto the PC and then process it to produce reports and/or JCL. The JCL can be checked and, when you are satisfied it will do what you want, you then upload it onto the mainframe and submit it as with any other JCL.

To get started you will need to get the flat file download from RACF, one or more of these utilities, and a suitable RACF.INI file. I have supplied sample JCL at the end for obtaining the flat file from RACF although this is well documented in the IBM manuals. The utilities can be downloaded from my home page much as with this readme.htm file. The home page also has a sample RACF.INI file, which should be downloaded.

The sample RACF.INI file is expecting to find the flat file input in the sub-directory prod and with a filename of racfprod. The output refers to the prefix on the output files. For example, utility RACF02.EXE will write its output to file ???02.HTM and ???02.JCL where ??? is the output string defined. Hence the sample RACF.INI defines the output files as RACF02.HTM and RACF02.JCL.

When transferring the flat file to PC the ASCII and CR/LF options should be selected so that the PC file is a conventional ASCII text file.

Essentially, I keep all my programs in a 'RACF' directory. Then under that, in sub-directories called DEV and PROD, I copy the flat file. Also residing in DEV and PROD are the RACF.INI files. The main purpose of these is to tell the programs which flat file to look at, although they contain some other self-explanatory stuff as well.

I have my ..\RACF directory defined in my PATH statement and simply change directory into the desired directory, i.e. DEV or PROD and the utilities look for an ini file in the current directory.

..\RACF\RACF*.EXE       -- directory included in PATH
                           (this is also the directory used for comparison utilities, namely RACF35 and RACF40)

..\RACF\DEV\RACF.INI    -- ini file
           \RACFDEV     -- downloaded ASCII flat file
           \RACF*.HTM   -- generated html reports
           \RACF*.JCL   -- generated jcl

..\RACF\PROD\RACF.INI
            \RACFPROD
            \RACF*.HTM
            \RACF*.JCL


2. Release Notes

Current
Release 1.23 dated 6 June 2005

There have been quite a few additions / improvements with this release.

RACF00 - Refined the filtering in relation to dollar and pound signs. The main place where this was manifesting itself was in the digital certificate reports (RACF94 through RACF101).

RACF07 - Addition of output file containing list of datasets as plain text.

RACF11 - Now reports on attributes, both user and connection, class authorisations, and if password is set to non-expiring, and if UID of zero is defined for user. Also, if report is being generated on a user, it prompts with question should report include enumeration of all connected groups.

RACF107 - All new utility. Takes the output from LISTCAT commands as input and tries to reconcile RACF dataset profiles against the list of catalogued datasets. It reports the profiles, along with their access control lists, which don't appear to have any corresponding datasets.


Release 1.22 dated 6 February 2005

Bug fix maintenance release, no change to documentation.

Release 1.21 dated 30 January 2005

RACF105 generates a report by first building a list of UserIDs referenced from STARTED class profiles and then enumerating them with various details, in particular whether they have the PROTECTED attribute set.

RACF106 generates a report by first building a list of UserIDs with a UID of zero and then enumerating them with various details, in particular whether they have the PROTECTED attribute set.

Release 1.20 dated 15 January 2005

One new utility RACF104 and several updated ones.

RACF104 generates a text file of Groups which can be imported directly into Visio's Organisational Chart Wizard.

RACF58 - fixed error in syntax of JCL relating to generic general resource class profiles.

All utility executables have now been made lowercase, and all generated output files now have lowercase filenames. This has been done since discovering problems with reports.htm and RACF101 outputs when transferring them up onto IBM HTTP Server. The webserver is case sensitive and hence broken links result unless care is taken, so I've standardised on lowercase for all output filenames.

Release 1.19 dated 11 October 2004

One new utility RACF103 and several updated ones.

RACF103 finds UserIDs which have duplicate name data in the 20 character description field.

RACF82 and RACF102 have both been enhanced to show in bold any UserID which could not be annotated because it was not found in the unload. Previously it was just dropped with no indication.

RACF99 and RACF101 have both been enhanced to accept command line parameter of a UserID in order to be able to report on a subset of certificates for just that UserID.

Release 1.18 dated 15 August 2004

One new utility RACF102 and one updated utility RACF88.

RACF102 annotates a list of UserIDs with information relating to dates and passwords. Useful when reviewing UserIDs which may be dormant or may be used for started tasks etc.

RACF88 has had another column added to show default group of each user listed. It has also been extended in functionality to accept a runtime command line argument of a group. If a group is specified it will list all members of that group whether or not they have an OMVS segment.

Release 1.17 dated 22 June 2004

The difference between release 1.16 and 1.17 is that the array sizes have been significantly increased to allow the utilities to handle larger unloads.

Also, to aid problem diagnosis I have re-introduced an updated RACFDIAG.

Release 1.16 dated 5 June 2004

The reason for this release can be summed up in just two words - UNIVERSAL GROUPS.
Here is a list of the utilities which have been updated in order to correctly handle UNIVERSAL GROUPS:

RACF03, RACF04, RACF06, RACF11, RACF36, RACF47, RACF50, RACF52, RACF53, RACF66, RACF70, RACF73, RACF75, RACF76, RACF77, RACF86, RACF89

Note: some have been amended to correctly report on the Group Authority and some have simply had the Group Authority removed from the report where it was not deemed to be worth the effort of amending.

For those of you who are still wondering what this is all about, with UNIVERSAL GROUPS if the connect authority is USE then no 0102 records are cut in the unload. This hence requires in some cases minor tweaks and in some cases significant re-writes in the code.


Release 1.15 dated 8 May 2004

RACF100 has been added which lists certificates but also allows for a cut-off-date to be specified rather than having to list all the certificates.
RACF101 has been added which lists certificates sorted by month of expiry. This is useful for getting a feel for the distribution of the expiry dates for certificates within RACF.
Also some minor improvements in formatting on many utilities, continued tidying up of code from the days when it was all written for fixed pitch font reports, pre-html.

Release 1.14 dated 7 February 2004

RACF99 has been changed so that it now includes User ID and certificate label. There is also an Expiry Date-Line shown on the report (beware only looks at dates, not times).
RACF52 has also been improved in relation to handling, i.e. displaying digital certificate information. This can be used to report on certificates owned by a UserID (note: all irrcerta certificates are actually owned by IBMUSER)

Release 1.13 dated 3 January 2004

RACF92 has had another column added (by request) with the Last Password date showing the date the password was last changed.
RACF38 has been revamped, including new options in racf.ini to enable suppression of sections, introduction of a variable to define threshold at which reporting occurs on password expiry of users.
As a result of the changes for RACF38 to the racf.ini file I have also introduced system variables for the dates used in RACF05 and RACF69. These can now be picked up from the date of the unload file, thus removing any need to manually edit the racf.ini file for each set of reports generation.

This does of course mean racf.ini will need to be updated for this release; please download a fresh racf.ini.

Release 1.12 dated 25 August 2003

RACF93 added to produce listing of CICS users with OPID
RACF94 through RACF99 added to provide reporting on Digital Certificates.

Also, reports.htm and reports.bat have both been updated to include the Digital Certificate reports.

Release 1.11 dated 8 July 2002

RACF00 updated to include a check to detect when an unload has been sorted.

Readme updated to include revised notes on RACF38 regarding PROTECTED users.

Release 1.10 dated 4 July 2001

RACF38 and RACF69 bug fixes.

Bug fixes were required due to differences in the resultant data downloaded depending on method used for file transfer. These utilities were originally developed around native 3270 terminal emulator IND$FILE transfers, but there are significant differences if data is transferred using ftp. These bug fixes mean they will work with either method of file transfer.

Release 1.09 dated 29 April 2001

RACF36 bug fix.

Readme updated to include revised notes on RACF68

Release 1.08 dated 25 March 2001

RACF07, RACF12 changed in two ways: first, the length restriction on the installation data field, which dated from the pre-HTML format, has been removed, giving much more info and making the reports much more readable; second, the WARNING attribute has been added to the information.

Release 1.07 dated 17 March 2001

RACF92 added to list all users.

All html reports have also been amended so that the title displays both the name and date of the unload file from which the report was generated.

Minor cosmetic fixes made to RACF07, RACF09, RACF12, RACF38, RACF53

Sample reports.bat and associated reports.htm now available. Save these to the directory containing the unload and racf.ini files, run the reports.bat file and then view reports.htm.

Release 1.06 dated 16 February 2001

RACF89 minor fix to show correct owner on dataset profiles.

Also, readme.htm (i.e. this file) corrected not to force web access when following internal links within the readme file.

Release 1.05 dated 24 January 2001

Utilities have had all conversions to uppercase removed except in RACF08 so that they are capable of handling lower case data such as irrcerta supplied User ID.

Minor fix to RACF37

RACF00 and RACF91 have been added.

RACF01, RACF02, RACF11, RACF66 updated to include v2.10 changes such as LNOTES and KERB segments etc.

RACF17, RACF39, RACF40, RACF41 have all been discontinued.

Release 1.04 dated 12 November 2000

Utilities which were previously written for CICS classes and had the class names hard coded have now been converted to operate on classes specified on the command line parameters.

Utilities amended are RACF16, RACF22, RACF33, RACF34, RACF35, and RACF37.

(Utilities RACF17, RACF39, RACF40 and RACF41 have been dropped as they were CICSCMD versions of CICSTRN utilities and are no longer required as the CICSTRN versions have been made generic)

Release 1.03 dated 1 September 2000

RACF42 extended to list all discrete profiles with ALTER access, i.e. DATASET and General Resource not just DATASET as before.

Release 1.02 dated 21 July 2000

RACF01 fixed enabling it to cope with hex values in the record type
RACFAWK also fixed to enable it to cope with hex values in record type
RACF38 extended to include a section listing all PROTECTED User IDs
RACF68 extended to include additional output file listing APFs which do not have corresponding DATASET profiles. This can be used as input to RACFJCL to generate required JCL to correct.

Release 1.00 dated 1 May 2000

This is a major new release. Here is a summary of the enhancements.

All code has been converted from 16-bit DOS code to 32-bit Windows code, although it is still intended to be run from a command prompt. This has meant a reduction in the sizes of the executables along with the ability to significantly extend some of the previously limiting array parameters. Running it from the command prompt still allows for the development of batch (or command) files containing many steps so that when an up-to-date unload is downloaded fresh reports are easily generated.

Virtually all output reports have been converted from dull text format to a much slicker HTML format. This has meant that they always overwrite any previous reports rather than appending as some used to do. Having generated a report, simply enter the report name including extension at the command prompt; if using NT, it will make the association with your default hypertext browser and load the report.

RACF88 has been both fixed and extended to give more information.

The README file has been converted to HTML and enhanced.

RACF01 and RACF66 have been updated to take account of enhancements made to RACF. This brings the utilities up to being in line with OS390 Version 2 Release 6.



3. Quick Reference

U=User ID G=Group D=Dataset R=General Resource C=CICS X=General Function

Utility   Key   Key words
RACF00          Pre-processor
RACF01          Summary
RACF02    JCL   Non-existent User IDs
RACF03          Group tree
RACF04    JCL   All Groups
RACF05    JCL   Expired User IDs
RACF06    JCL   List Group
RACF07          Dataset (mask)
RACF08    TEXT  User ID(s) (not-HTML)
RACF09    JCL   User IDs (mask)
RACF10          Discontinued
RACF11    JCL   XREF (JCL to grant)
RACF12          General Resources (mask)
RACF13          Discontinued
RACF14          Discontinued
RACF15          Discontinued
RACF16          List Member / Group Class
RACF17          Discontinued
RACF18    TEXT  All User IDs (not-HTML)
RACF19          General Resource
RACF20    JCL   General Resource - Re-create - Prefixed
RACF21    JCL   XREF (JCL to remove)
RACF22          Member class Installation data
RACF23    JCL   Dataset - Re-create - Prefixed
RACF24    JCL   Revoked User IDs
RACF25    JCL   General Resource - Delete - Prefixed
RACF26          Discontinued
RACF27          Discontinued
RACF28          General Resource (prefix.mask)
RACF29          Discontinued
RACF30          STARTED
RACF31          Discontinued
RACF32          WARNING
RACF33          Sorted Member / Group Class pair
RACF34          Duplicate Member / Group Class pair
RACF35          Compare Member / Group Class pair
RACF36    JCL   Compare Group
RACF37    JCL   XREF - Member / Group Class pair
RACF38          Audit Report
RACF39          Discontinued
RACF40          Discontinued
RACF41          Discontinued
RACF42          discrete ALTER
RACF43          Discontinued
RACF44          Discontinued
RACF45          Discontinued
RACF46    JCL   Delete User IDs
RACF47    JCL   Change Group
RACF48    JCL   General Resource - Re-create - non-Prefixed
RACF49          General Resource - Delete - non-Prefixed
RACF50          Connected Groups
RACF51          General Resource friendly format
RACF52          OwnerID
RACF53          List Group
RACF54          Discontinued
RACF55          Discontinued
RACF56    JCL   UACC
RACF57          Discontinued
RACF58    JCL   Notify
RACF59          Audit Attributes
RACF60          Discontinued
RACF61    JCL   Dataset - Grant access - Prefixed
RACF62    JCL   General Resource - Grant access - Prefixed
RACF63          Discontinued
RACF64    JCL   General Resource - Re-create - non-Prefixed
RACF65          General Resource
RACF66          ListUser
RACF67    JCL   Notify
RACF68          APF
RACF69    JCL   Revoked Connections
RACF70          Count Connections
RACF71          Dataset (mask)
RACF72          Summary (General Resources)
RACF73          Connected Groups
RACF74          Discontinued
RACF75    TEXT  List Group (non-HTML)
RACF76    JCL   List Group
RACF77    JCL   Connections
RACF78          Discontinued
RACF79    JCL   User IDs
RACF80    JCL   Discrete Dataset
RACF81          Discontinued
RACF82          Annotate
RACF83          Discontinued
RACF84          User IDs
RACF85    JCL   General Resource
RACF86    JCL   LIMBO
RACF87          GID
RACF88          UID
RACF89          SECURITY
RACF90    JCL   Dataset
RACF91    JCL   General Resource - Re-create
RACF92    JCL   User IDs (Detailed)
RACF93          List all CICS users, showing any OPIDs.
RACF94          Digital Certificates by UserID and label.
RACF95          Digital Certificates (unsorted).
RACF96          Digital Certificate Key Rings.
RACF97          Digital Certificate Mappings.
RACF98          Digital Certificate Trusts.
RACF99          Digital Certificates sorted by expiry date.
RACF100         Digital Certificates sorted by expiry date with cut-off.
RACF101         Digital Certificates sorted by month of expiry date.
RACF102         User ID List Annotated w/Password & Date Info.
RACF103         User IDs with Duplicate Name Field Data.
RACF104   TEXT  Generate Group List for Visio Org Chart.
RACF105         STARTED task UserIDs and PROTECTED
RACF106         UID(0) UserIDs and PROTECTED
RACF107         Find Dataset Profiles with no corresponding datasets
RACFAWK         Ad-hoc (non-HTML)
RACFDIAG        Database Diagnostic
RACFJCL   JCL   JCL Generator (similar to CLIST)


4. More detailed notes on each utility

Here are more detailed notes on each utility including a rating for each where the ratings used are as follows:

***  General and useful utility recommended for general use
**   Specialised utility for a particular requirement
*    Either very specialised or very unusual requirement


I.e. investigate the *** ones; if you see a ** one that you can relate to then fine, but tend to ignore the * ones.

Note: where runtime command line parameters are required the syntax can be displayed by simply executing the utility without any parameters.