RACF Utilities HTML readme file.

 

1. Overview of utilities
2. Release Notes
3. Quick Reference

4. More detailed notes on each utility
5. Sample JCL used to obtain input data

6. RACF.INI Details

 


1. Overview of utilities

The idea of these utilities is to take a flatfile download from the mainframe onto the PC and then process it to produce reports and or JCL. The JCL can be checked and when you are satisfied it will do what you want you then upload it onto the mainframe and submit it as with any other JCL.

To get started you will need to get the flat file download from RACF, one or more of these utilities, and a suitable RACF.INI file. I have supplied sample JCL at the end for obtaining the flat file from RACF although this is well documented in the IBM manuals. The utilities can be downloaded from my home page much as with this readme.htm file. The home page also has a sample RACF.INI file, which should be downloaded.

The sample RACF.INI file is expecting to find the flat file input in the sub-directory prod and with a filename of racfprod. The output refers to the prefix on the output files. For example utility RACF02.EXE will write its output to file ???
02.HTM and ???02.JCL where ??? is the output string defined. Hence the sample RACF.INI defines the output files as RACF02.HTM and RACF02.JCL.

When transferring the flat file to PC the ASCII and CR/LF options should be selected so that the PC file is a conventional ASCII text file.

Essentially, I keep all my programs in a 'RACF' directory. Then under that in sub-directories called DEV and PROD I copy the flat file. Also residing in DEV and PROD are the RACF.INI files. The main purpose of these is to tell the programs which flat file to look at, although they contain some other self explanatory stuff as well.

I have my ..\RACF directory defined in my PATH statement and simply change directory into the desired directory, i.e. DEV or PROD and the utilities look for an ini file in the current directory.

..\RACF\RACF*.EXE -- directory included in PATH

this is also the directory used for comparison utilities, namely RACF35 and RACF40


..\RACF\DEV\RACF.INI -- ini file

\RACFDEV -- downloaded ASCII flat file
\RACF*.HTM -- generated html reports
\RACF*.JCL -- generated jcl

..\RACF\PROD\RACF.INI

\RACFPROD
\RACF*.HTM
\RACF*.JCL


2. Release Notes

Current
Release 1.23 dated 6 June 2005

There have been quite a few additions / improvements with this release.

RACF00 - Refined the filtering in relation to dollar and pound signs. The main place where this was manifesting itself was in the digital certificate reports (RACF94 through RACF101).

RACF07 - Addition of output file containing list of datasets as plain text.

RACF11 - Now reports on attributes, both user and connection, class authorisations, and if password is set to non-expiring, and if UID of zero is defined for user. Also, if report is being generated on a user, it prompts with question should report include enumeration of all connected groups.

RACF107 - All new utility. Takes as input output from LISTCAT commands and tries to reconcile RACF dataset profiles against list of catalogued datasets and reports list of profiles along with access control lists of any profile which doesn't appear to have any corresponding datasets.


Release 1.22 dated
6 February 2005

Bug fix maintenance release, no change to documentation.

Release 1.21 dated 30 January 2005

 

RACF105 generates a report by first building a list of UserIDs referenced from STARTED class profiles and then enumerating them with various details, in particular do they have the PROTECTED attribute set?

 

RACF106 generates a report by first building a list of UserIDs with a UID of zero and then enumerating them with various details, in particular do they have the PROTECTED attribute set?

 

Release 1.20 dated 15 January 2005

 

One new utility RACF104 and several updated ones.

 

RACF104 generates a text file of Groups which can be imported directly into Visio's Organisational Chart Wizard.

 

RACF58 - fixed error in syntax of JCL relating to generic general resource class profiles.

 

All utility executables have now been made lowercase, along with all output files generated are now lowercase filenames. This has been done since discovering problems with reports.htm and RACF101 outputs when transferring them up unto IBM HTTP Server. The webserver is case sensitive and hence broken links result unless care is taken, so I've standardised on lowercase for all output filenames.

 

Release 1.19 dated 11 October 2004

One new utility RACF103 and several updated ones.

RACF103 finds UserIDs which have duplicate name data in the 20 character description field.

RACF82 and RACF102 have both been enhanced to show in bold any UserID which could not be annotated if not found in the unload. Previously it was just dropped with no indication.

RACF99 and RACF101 have both been enhanced to accept command line parameter of a UserID in order to be able to report on a subset of certificates for just that UserID.

Release 1.18 dated 15 August 2004

One new utility RACF102 and one updated utility RACF88.

RACF102 annotates a list of UserIDs with information relating to dates and passwords. Useful when reviewing UserIDs which may be dormant or may be used for started tasks etc.

RACF88 has had another column added to show default group of each user listed. It has also been extended in functionality to accept a runtime command line argument of a group. If a group is specified it will list all members of that group whether or not they have an OMVS segment.

Release 1.17 dated 22 June 2004

The difference between release 1.16 and 1.17 is that the array sizes have been significantly increased to allow the utilities to handle larger unloads.

Also, to aid problem diagnosis I have re-introduced an updated RACFDIAG.

Release 1.16 dated 5 June 2004

The reason for this release can be summed up in just two words - UNIVERSAL GROUPS.
Here is a list of the utilities which have been updated in order to correctly handle UNIVERSAL GROUPS:

RACF03, RACF04, RACF06, RACF11, RACF36, RACF47, RACF50, RACF52, RACF53, RACF66, RACF70, RACF73, RACF75, RACF76, RACF77, RACF86, RACF89

Note: some have been amended to correctly report on the Group Authority and some have simply had the Group Authority removed from the report where it was not deemed to be worth the effort of amending.

For those of you who are still wondering what this is all about, with UNIVERSAL GROUPS if the connect authority is USE then no 0102 records are cut in the unload. This hence requires in some cases minor tweaks and in some cases significant re-writes in the code.


Release 1.15 dated 8 May 2004

RACF100 has been added which lists certificates but also allows for a cut-off-date to be specified rather than having to list all the certificates.
RACF101 has been added which lists certificates sorted by month of expiry. This is useful for getting a feel for the distribution of the expiry dates for certificates within RACF.
Also some minor improvements in formatting on many utilities, continued tidying up of code from the days when it was all written for fixed pitch font reports, pre-html.

Release 1.14 dated
7 February 2004

RACF99 has been changed so that it now includes User ID and certificate label. There is also an Expiry Date-Line shown on the report (beware only looks at dates, not times).
RACF52 has also been improved in relation to handling, i.e. displaying digital certificate information. This can be used to report on certificates owned by a UserID (note: all irrcerta certificates are actually owned by IBMUSER)

Release 1.13 dated
3 January 2004

RACF92 has had another column added (by request) with the Last Password date showing the date the password was last changed.
RACF38 has been revamped, including new options in racf.ini to enable suppression of sections, introduction of a variable to define threshold at which reporting occurs on password expiry of users.
As a result of the changes for RACF38 to the racf.ini file I have also introduced system variables for the dates used in RACF05 and RACF69. These can now be picked up from the date of the unload file, thus removing any need to manually edit the racf.ini file for each set of reports generation.

This does of course mean racf.ini will need to be updated for this release, please download a fresh racf.ini

Release 1.12 dated 25 August 2003

RACF93 added to produce listing of CICS users with OPID
RACF94 through RACF99 added to provide reporting on Digital Certificates.

Also, reports.htm and reports.bat have both been updated to include the Digital Certificate reports.

Release 1.11 dated
8 July 2002

RACF00 updated to include a check to detect when an unload has been sorted.

Readme updated to include revised notes on RACF38 regarding PROTECTED users.

Release 1.10 dated 4 July 2001

RACF38 and RACF69 bug fixes.

Bug fixes were required due to differences in the resultant data downloaded depending on method used for file transfer. These utilities were originally developed around native 3270 terminal emulator
IND$FILE transfers, but there are significant differences if data is transferred using ftp. These bug fixes mean they will work with either method of file transfer.

Release 1.09 dated
29 April 2001

RACF36 bug fix.

Readme updated to include revised notes on RACF68

Release 1.08 dated 25 March 2001

RACF07, RACF12 changed in two ways, first length restriction which was pre-html format has been removed from the installation data field giving much more info and making the reports much more readable, and second the WARNING attribute has been added to the information.

Release 1.07 dated
17 March 2001

RACF92 added to list all users.

All html reports have also been amended so that the title displays both the name and date of the unload file from which the report was generated.

Minor cosmetic fixes made to RACF07, RACF09, RACF12, RACF38, RACF53

Sample reports.bat and associated reports.htm now available. Save these to the directory containing the unload and racf.ini files, run the reports.bat file and then view reports.htm.

Release 1.06 dated
16 February 2001

RACF89 minor fix to show correct owner on dataset profiles.

Also, readme.htm (i.e. this file) corrected not to force web access when following internal links within the readme file.

Release 1.05 dated 24 January 2001

Utilities have had all conversions to uppercase removed except in RACF08 so that they are capable of handling lower case data such as
irrcerta supplied User ID.

Minor fix to RACF37

RACF00 and RACF91 have been added.

RACF01, RACF02, RACF11, RACF66 updated to include v2.10 changes such as LNOTES and KERB segments etc.

RACF17, RACF39, RACF40, RACF41 have all been discontinued.

Release 1.04 dated
12 November 2000

Utilities which were previously written for CICS classes and had the class names hard coded have now been converted to operate on classes specified on the command line parameters.

Utilities amended are RACF16, RACF22, RACF33, RACF34, RACF35, and RACF37.

(Utilities RACF17, RACF39, RACF40 and RACF41 have been dropped as they were CICSCMD versions of CICSTRN utilities and are no longer required as the CICSTRN versions have been made generic)

Release 1.03 dated 1 September 2000

RACF42 extended to list all discrete profiles with ALTER access, i.e. DATASET and General Resource not just DATASET as before.

Release 1.02 dated 21 July 2000

RACF01 fixed enabling it to cope with hex values in the record type
RACFAWK also fixed to enable it to cope with hex values in record type
RACF38 extended to include a section listing all PROTECTED User IDs
RACF68 extended to include additional output file listing APFs which do not have corresponding DATASET profiles. This can be used as input to RACFJCL to generate required JCL to correct.

Release 1.00 dated
1 May 2000

This is a major new release. Here is a summary of the enhancements.

All code has been converted from 16-bit DOS code to 32-bit Windows code, although it is still intended to be run from a command prompt. This has meant a reduction in the sizes of the executables along with the ability to significantly extend some of the previously limiting array parameters. Running it from the command prompt still allows for the development of batch (or command) files containing many steps so that when an up-to-date unload is downloaded fresh reports are easily generated.

Virtually all output reports have been converted from dull text format to a much slicker HTML format. This has meant that they always overwrite any previous reports rather than appending as some used to do. If at the command prompt having generated a report simply enter the report name including extension and if using NT it will make the association with your default hypertext browser and load the report.

RACF88 has been both fixed and extended to give more information.

The README file has been converted to HTML and enhanced.

RACF01 and RACF66 have been updated to take account enhancements made to RACF. This brings the utilities up to being in line with OS390 Version 2 Release 6.



3. Quick Reference

U=User ID G=Group D=Dataset R=General Resource C=CICS X=General Function

Utility

U

G

D

R

C

X

Key

Key words

RACF00

 

 

 

 

 

 

Pre-processor

RACF01

 

Summary

RACF02

 

 

 

 

 

JCL

Non-existent User IDs

RACF03

 

 

 

 

 

 

Group tree

RACF04

 

 

 

 

 

JCL

All Groups

RACF05

 

 

 

 

 

JCL

Expired User IDs

RACF06

 

 

 

 

 

JCL

List Group

RACF07

 

 

 

 

 

 

Dataset (mask)

RACF08

 

 

 

 

 

TEXT

User ID(s) (not-HTML)

RACF09

 

 

 

 

 

JCL

User IDs (mask)

RACF10

 

 

 

 

 

 

 

Discontinued

RACF11

 

 

 

 

JCL

XREF (JCL to grant)

RACF12

 

 

 

 

 

 

General Resources (mask)

RACF13

 

 

 

 

 

 

 

Discontinued

RACF14

 

 

 

 

 

 

 

Discontinued

RACF15

 

 

 

 

 

 

 

Discontinued

RACF16

 

 

 

 

 

 

List Member / Group Class

RACF17

 

 

 

 

 

 

 

Discontinued

RACF18

 

 

 

 

 

TEXT

All User IDs (not-HTML)

RACF19