RACF Data Security Monitor (DSMON)

The Data Security Monitor (DSMON) is an IBM RACF utility that produces reports on:

  • System report:
    • Displays system information (Operating System, RACF level, Sysres volume, SMF id)
  • Group Tree report:
    • Shows the hierarchy of RACF groups
  • Program Properties Table (PPT) report:
    • Lists programs that execute with special privileges
  • RACF Authorised Caller Table report:
    • Lists non-authorised programs that can invoke privileged RACF functions.
  • RACF Class Descriptor Table (CDT) report:
    • Lists information about the RACF classes (other than DATASET)
  • RACF Exits report:
    • Shows RACF exits information
  • RACF Global Access Table (GAT) report:
    • Shows the global access entities currently in effect
  • RACF Started Procedures Table report:
    • Displays the userid/group id that will be associated with a started task along with “Trusted” and “Privileged” status
  • RACF User Attribute report:
    • Lists users with SPECIAL, OPERATIONS or AUDITOR attributes, revoked users and RRSF associations
  • RACF User Attribute Summary report:
    • Shows the number of installation-defined users and totals for users with the SPECIAL, OPERATIONS, AUDITOR, and REVOKE attributes
  • Selected Datasets report:
    • Shows dataset information (volume, linklist, APF, catalog, RACF, UACC)

Any RACF user with the AUDITOR attribute, or with at least EXECUTE authority to the ICHDSM00 program, can use the DSMON utility.

To produce a DSMON report, run the ICHDSM00 RACF utility in a batch job:

//DSMON EXEC PGM=ICHDSM00
//* SYSPRINT receives DSMON status and error messages
//SYSPRINT DD SYSOUT=*
//* SYSUT2 receives the generated reports
//SYSUT2 DD DSN=hlq.dsmon.report,DISP=SHR
//SYSIN DD *
FUNCTION ALL
//

Notes:

  • hlq.dsmon.report is the name of the dataset that will contain the output for the DSMON report
  • FUNCTION ALL indicates that all DSMON reports are to be produced
