Built in RACF reports?

All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

Built in RACF reports?

Postby dciesinski » Fri Feb 12, 2010 8:17 pm

Sorry if this is a silly question - my company is in the midst of an ACF2 to RACF conversion, and so we're learning RACF on the fly, with the assistance of a consultant and some other training, etc.

We're looking ahead to post-production cutover, and how we will be setting up new users. Our management has thus far denied us the ability to purchase any sort of user admin/audit application like zSecure Admin, etc., so we're more or less on our own for the forseeable fututre.

We'd like to develop templates to use, as we have to process new employees/transfers, so what we'd like initially is some kind of report that would show us all of the groups within our RACF environment, and the resources they are connect to, and at what level (ALTER, READ, etc.). Once we have that, we could then start developing the templates.

Does this sound like something people do, or are we going about htis completely wrong? If it's the right direction, does this reporting exist in native RACF, of do we have a lot of busy work ahead of us?

Any help or advice is greatly appreciated!
Posts: 3
Joined: Fri Feb 12, 2010 8:11 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Built in RACF reports?

Postby Robert Sample » Fri Feb 12, 2010 8:36 pm

The RACF Auditor's Guide manual talks about the native RACF reporting facility. That would be the first place I looked if I were in your place. Third party reporting tools exist, but as with all mainframe packages they tend to cost plenty.
Robert Sample
Global moderator
Posts: 3718
Joined: Sat Dec 19, 2009 8:32 pm
Location: Dubuque, Iowa, USA
Has thanked: 1 time
Been thanked: 279 times

Re: Built in RACF reports?

Postby dick scherrer » Sat Feb 13, 2010 3:31 am


If the company has brought in a RACF consultant, maybe this person has a little "bag of tricks" . . .

I don't "do" racf, but i do travel with a bunch of odds and ends that i freely give a client if they are interested. As i basically do t & m (time and materials) contracts, i'll build something custom if the client wants it. Lots of things don't take long if one already knows how to do them.

This may be a way for your group to get some tools basically for "free" (i.e. no check written for purchased software).
Hope this helps,
User avatar
dick scherrer
Global moderator
Posts: 6268
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 93 times

Re: Built in RACF reports?

Postby Constad » Mon Feb 15, 2010 4:31 pm


I would take a look at using the Database Unload (IRRDBU00) and coding some REXX or using ICETOOL to build what you need. Utility IRRUT100 may also give you some of the information you need. Many people use these methods quite effectively.


Posts: 4
Joined: Mon Feb 15, 2010 4:22 pm
Has thanked: 0 time
Been thanked: 0 time

Return to Mainframe Security


  • Related topics
    Last post