The Report Masking feature allows limiting access to sensitive data in reports residing in the Control-D repository. Administrators can assign permissions to access the full content of specific reports for a particular group of one or more authorized users, who are defined in a security product such as RACF. Administrators can create a specific Mask Ruler for each report containing sensitive data. A report assigned to such a Mask Ruler can be viewed or printed by unauthorized users only after applying this Mask Ruler. This process is applied for U-screen and Control-D Web Access users. If there is a view, print ruler, or Logical view for this report, it will be applied only after applying the Mask Ruler.
To prevent a report from being viewed by unauthorized users do the following:
mask_ruler_name is the name of the Mask Ruler defined for this report in the V,E-screen. For example:
-------------------------------------------------------------------------------
DO WHEN LINE 00020 - 00060 COL 00020 - 00024 PRINT REF NXT CT AND/OR STRING =
TOTAL DO MASKRUL = MASK1
-------------------------------------------------------------------------------
For more information, see the DO MASKRUL section in the Decollation Mission Parameters chapter in the Control-D and Control-V User Guide.
For automatically masking new reports, apply the WDN065 optional wish. In this case the Mask Ruler must be created using the previous report entry with the same USER, JOBNAME, and REPORT NAME.
For manually masking old reports, enter the USER, JOBNAME, and REPORT NAME in the Mask Ruler field using the update option in U-screen in DI A mode.
The CTDUFUPD utility can be used to update the Mask Ruler name for old reports as well.
For more information on the CTDUFUPD, see the INCONTROL for z/OS Utilities Guide.
Note. The optional wishes WDN065 and WDM065 can be used to change the masking report implementation. The WDN065 determines if Mask Ruler is set up automatically during decollation. The default is “No”. The WDM065 determines whether the report is viewed or printed if Mask Ruler is not found. The default is “Yes”.
Parent Topic |