370 likes | 514 Views
Connecting Sarbanes to Oxley. Faye Windhorst Landauer, Inc. 14 th NATURAL Conference October, 2006. Background. 2006. 1970. ADABAS. VSAM. Background. 14:02:41 ***** NATURAL LIST COMMAND ***** 2006-08-02
E N D
ConnectingSarbanes toOxley Faye Windhorst Landauer, Inc. 14th NATURAL Conference October, 2006
Background 2006 1970 ADABAS VSAM
Background 14:02:41 ***** NATURAL LIST COMMAND ***** 2006-08-02 User FAYE - LIST Objects in a Library - Library FIXLIB Cmd Name Type S/C SM Version User ID Date Time --- ACCT*____ *__________ *__ * *______ *________ *__________ *________ __ ACCTDTFX Program S/C S 4.1.03 BENT 2005-05-19 09:48:56 __ ACCTFIX Program S/C R 3.1.04 TOMC 2002-10-30 15:20:31 __ ACCTFXDT Program S/C S 4.1.03 FAYE 2005-08-17 12:59:26 __ ACCTJKS Program S R 2.2.08 JKIE 1997-12-31 16:02:30 __ ACCTMAST Program S S 2.2.08 FAYE 1998-01-29 16:12:12 __ ACCTSEL1 Program S/C S 3.1.04 FAYE 2002-05-21 14:30:53 __ ACCTSEL2 Program S/C S 3.1.04 FAYE 2002-05-21 10:32:17 __ ACCTSEL3 Program S/C S 3.1.04 FAYE 2002-05-24 07:55:13 __ ACCTSERV Program S S 2.2.08 FAYE 1998-01-09 08:37:34 __ ACCTTEST Program S/C S 2.1.07 BENT 1992-05-14 11:37:23 10 Objects found Top of List. Command ===> Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12--- Help Print Exit Sort -- - + ++ > Canc
Background 07/30/06 ***** Landauer, Inc. ***** ISMNTP1 14:16 - File Maintenance Menu 1 - ISMNTM1 Code System/Function/Explanation A Account Master (80) B Account Master Control Record (80) C Dosimeter (72) D Dosimeter Component (73) E Participant Master (81) F Process Menu H Report Master (99) I N144 Etching Tray (78) J N144 Cross Reference (79) K Credit Dosimeter Return (45) L Ship Date Table (101) Enter code: __ Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12--- help retrn main quit NxtMn flip
ADABAS Audit table The Solution Existing CON-STRUCT program ?
The Solution 14:33:42 ***** NATURAL LIST COMMAND ***** 2006-08-02 User FAYE - List DDM ACCOUNT-MASTER-ALL - Library FIXLIB DDM DBID 0 DDM FNR 80 VSAM Name Default Sequence Page 1 T L DB Name F Leng S D Remark - - -- -------------------------------- - ---- - - ------------------------ 1 AA ACCT-NBR P 6.0 Account number 1 AB ACCT-SER-CODE A 3 Account series code 1 AC REC-DEL-IND A 1 Record deleted indicator 1 AD TERR-CODE A 1 N Account sales territory 1 AE STATE-CODE A 2 N State code. 1 AF ACCT-NAME A 23 N Account name 1 AG ACCT-LICENSEE-NAME A 16 N Account licensee name 1 AH ACCT-LICENSEE-NBR A 15 N Account licensee number 1 AI ACCT-REG-NBR A 7 N Account registration number 1 AJ ACCT-EXPOS-RPT-CPY A 2 N Account exposure report copy 1 AK ACCT-EXPOS-RPT-DUP-DEST A 1 N Account duplicate exposure report dest 1 AL ACCT-MREM-OVEXP-DEEP A 5 N Account over exposure MREM Top of List.
Existing CON-STRUCT program The Solution PLOG SPATs
The Solution Existing CON-STRUCT program READ For UPDATE Capture Before Image Apply changes to update view Capture After Image UPDATE
The Solution User FAYE - List DDM AUDIT-LOG - Library FIXLIB DDM DBID 0 DDM FNR 139 VSAM Name Default Sequence Page 1 T L DB Name F Leng S D Remark - - -- -------------------------------- -- ---- - - ------------------------ 1 AA AUDIT-FUNC A 1 F Action or function against data 1 AB AUDIT-ACTIV A 2 F Activity effecting change 1 AC AUDIT-AUTH-CODE A 20 N 1 AD AUDIT-DATE N 8.0 N 1 AE AUDIT-PROG A 32 N 1 AF AUDIT-TIME N 7.0 N 1 AG AUDIT-USER A 32 N 1 AH AUDIT-VIEW-NAME A 32 N M 1 AJ AUDIT-IMAG A 250 Image of record being audited (30 Occur) M 1 AK AUDIT-IMAG-TWO A 250 Secondary image of record being audited (30 Occur)
The Solution Code Frame ......... CUFMC22 SIZE 40000 Description ........ FILE MAINTENANCE CODE - MISC. SUBROUTINES FREE 88705 > > + ABS X X-Y _ S 500 L 325 ....+....1....+....2....+....3....+....4....+....5....+....6....+....7.. T C IF UPDATE-VIEW.&PRIME-PREFIX&LOG-COUNTER NE " &PRIME-FILE.&PRIME-PREFIX&LOG-COUNTER THEN " RESET #RECORD-DISPLAYED " BACKOUT TRANSACTION " USE-MSG-NR 3 REINPUT *8010 ALARM /* Intervening change, please try again " ELSE 3 REINPUT 'Intervening change, please try again' ALARM " RETURN-TO-CONDITION 2 END-IF " RETURN-TO-CONDITION 1 ASSIGN #UPDATE-PERFORMED = TRUE " * Landauer capturing before image AUDIT-FUNC := #ACTION AUDIT-IMAG-TYPE := 'BEFORE' PERFORM AUDIT-PURGE-MODIFY-RTN * PURGE-ACTION-SELECTED 2 ....+....1....+....2....+....3....+....4....+....5....+....6....+....7.. T
The Solution ************************************************************************ DEFINE SUBROUTINE AUDIT-PURGE-MODIFY-RTN ************************************************************************ IF AUDIT-FUNC = 'M' THEN AUDIT-FUNC := 'C' END-IF IF AUDIT-FUNC = 'P' THEN AUDIT-FUNC := 'D' END-IF IF AUDIT-IMAG-TYPE = 'BEFORE' THEN /* always do this on before images AUDIT-PROG := *PROGRAM AUDIT-USER := *USER AUDIT-DATE := *DATN AUDIT-TIME := *TIMN AUDIT-VIEW-NAME := '&PRIME-FILE' AUDIT-Y := AUDIT-LOOP-LIMIT - 1 /* must stop on last full element FOR AUDIT-X = 1 TO AUDIT-Y AUDIT-IMAG (AUDIT-X) := CHUNK1 (AUDIT-X) END-FOR /* (0200) AUDIT-IMAG (AUDIT-X) := CHUNK1X END-IF
The Solution IF AUDIT-IMAG-TYPE = 'AFTER' THEN /* always do this on after images AUDIT-Y := AUDIT-LOOP-LIMIT - 1 /* must stop on last full element FOR AUDIT-X = 1 TO AUDIT-Y AUDIT-IMAG-TWO (AUDIT-X) := CHUNK1 (AUDIT-X) END-FOR AUDIT-IMAG-TWO (AUDIT-X) := CHUNK1X END-IF IF AUDIT-IMAG-TYPE = 'AFTER' OR /* write audit if after image AUDIT-IMAG-TYPE = 'BEFORE' AND /* or before image on a purge AUDIT-FUNC = 'D' THEN AUDIT-ACTIV := AUDIT-ACTIV-FRZ STORE AUDIT-LOG RESET AUDIT-LOG AUDIT-X AUDIT-Y END-IF END-SUBROUTINE /* audit-purge-modify-rtn
The Solution ************************************************************************ DEFINE SUBROUTINE AUDIT-ADD-RTN ************************************************************************ AUDIT-PROG := *PROGRAM AUDIT-USER := *USER AUDIT-DATE := *DATN AUDIT-TIME := *TIMN AUDIT-FUNC := 'A' AUDIT-VIEW-NAME := '&PRIME-FILE' AUDIT-Y := AUDIT-LOOP-LIMIT - 1 /* must stop on last full element FOR AUDIT-X = 1 TO AUDIT-Y AUDIT-IMAG-TWO (AUDIT-X) := CHUNK (AUDIT-X) END-FOR AUDIT-IMAG-TWO (AUDIT-X) := CHUNKX AUDIT-ACTIV := AUDIT-ACTIV-FRZ STORE AUDIT-LOG RESET AUDIT-LOG AUDIT-X AUDIT-Y END-SUBROUTINE /* audit-add-rtn
The Solution * Primary file being maintained on the INPUT statement. 01 &PRIME-FILE VIEW OF &PRIME-DDM PRIME1 U NOT PRIME-FILE-IS-DB2 OR NOT KEY-IS-A-SUPER 1 NEXT-ACTION-SELECTED OR ADD-ACTION-SELECTED 2 * Landauer Sarbanes-oxley audit changes capture data 01 REDEFINE &PRIME-FILE LDRAUDIT1 U * View which gets held during updates. 01 UPDATE-VIEW VIEW OF &PRIME-DDM PRIME2 U LOGGING-UPDATES 1 * Landauer Sarbanes-oxley audit changes capture data LDRAUDIT2 U * " * View used to store audit trail logs. " 01 &LOG-FILE VIEW OF &LOG-DDM " Subprogram: CUFMGFIL Parameter: LOG N " SECONDARY-FILE-USED 1 * " * Secondary file view. "
The Solution CSMUSEX Natural Construct Jul 30 Maintain User Exit 1 of 1 User exit name ......... LDRAUDIT2 Code frame name ........ CUFMDA2 Conditional N User exit required ..... X Generate as subroutine . _ Sample subprogram ...... ________ GUI sample subprogram .. ________ Default user exit code . 01 REDEFINE UPDATE-VIEW_______________________________________________ 2 CHUNK1 (A250/1:21) /* most of record - resize as needed________ 2 CHUNK1X (A250) /* final segment - resize as needed_________ * Correct above values (field sizes only) to exactly match the__________ * update-view of your data. Use these sizes to adjust the audit______ * processor program when adding the routine for this view.____________ * Example: ACCOUNT-MASTER-ALL is 20 elements of A250, plus A228___________ * ..................................................................____ ________________________________________________________________________ ________________________________________________________________________ Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF1 help retrn
DEFINE EXIT LDRAUDIT1 2 CHUNK (A250/1:5) /* MOST OF RECORD - RESIZE AS NEEDED 2 CHUNKX (A57) /* FINAL SEGMENT - RESIZE AS NEEDED 1 AUDIT-LOOP-LIMIT (P5) INIT <6> /* SET TO MATCH CHUNK LIMIT+CHUNKX * Correct above values (field + array sizes) to exactly match the * prime-view of your data. Use these sizes to adjust the audit * processor program when adding the routine for thie view. * Example: ACCOUNT-SERVICES is 21 elements of A187, plus A3. * Be sure to set correct audit-loop-limit to match array size. * You may use a maximum of 30 occurrences as specified in the LDA.. 1 AUDIT-ACTIV-FRZ (A2) INIT <'A '> /* Set this to the correct activity END-EXIT The Solution
The Solution MULTIPLE-WINDOWS * Landauer code to pop up a window to capture authorization code FORMAT IP=OFF DEFINE WINDOW AUTHWIN SIZE 4 * 25 TITLE 'Authorization Code' FRAMED ON (CD=YE) /* Only pop the window up if the Y has been keyed and no /* authorization has been keyed yet. /* 03/09/05 change - glcae IF #CONFIRM-FLG = 'Y' AND AUDIT-AUTH-CODE = ' ' THEN SET KEY OFF SET WINDOW 'AUTHWIN' INPUT WINDOW='AUTHWIN' AUDIT-AUTH-CODE (AD=ULAE'_') SET WINDOW OFF SET KEY ON
The Solution Define data 1 view of actual data 1 view of clone of actual data 1 view of audit detail – contains raw before & after images READ for update copy actual data to clone call audit-capture routine - reformats clone data to fit copy screen changes to the actual data view copy actual data to clone again call audit-capture again - reformat changed clone data to fit write audit record.
ADABAS Audit table The Solution Existing CON-STRUCT program
ADABAS Detail Audit table ADABAS Historical Audit table The Solution Audit-Log Audit-History
The Solution 10:45:12 ***** NATURAL LIST COMMAND ***** 2006-08-03 User FAYE - List DDM AUDIT-HISTORY - Library ISDL DDM DBID 0 DDM FNR 138 VSAM Name Default Sequence Page 1 T L DB Name F Lg S D Remark - - -- -------------------------------- - ---- - - ------------------------ 1 AA AUDIT-FUNC A 1 F Action or function a 1 AB AUDIT-ACTIV A 2 F D Activity effecting change 1 AC CUST-NBR N 6.0 Customer Number 1 AD ACCT-NBR P 6.0 Account number 1 AE SER-CODE A 3 Series Code 1 AF PART-NBR A 5 Participant number. 1 AG DOSI-SN P 7.0 N Dosimeter serial number 1 AH DOSI-SN-SUFX A 1 N Dosimeter serial suffix 1 AI GENERIC-SEARCH-DATA A 64 N D 1 AJ AUDIT-DATE N 8.0 1 AK AUDIT-PROG A 32 N 1 AL AUDIT-TIME N 7.0 N 1 AM AUDIT-AUTH-CODE A 64 N D 1 AN AUDIT-USER A 32 N D 1 AO AUDIT-VIEW-NAME A 64 N D 1 AP AUDIT-FIELD-NAME A 64 N D 1 AT AUDIT-FIELD-OCCUR N 7.0 N 1 AU AUDIT-FIELD-OCCUR-MAX N 7.0 N 1 AV AUDIT-SUB-FIELD-OCCUR N 7.0 N 1 AW AUDIT-SUB-FIELD-OCCUR-MAX N 7.0 N 1 AQ AUDIT-FIELD-DESCRIPTION A 64 N Business description M 1 AR BEFORE-IMAG A 128 N M 1 AS AFTER-IMAG A 128 N
The Solution Audit Converter Program View Handler Subroutine View Handler Subroutine View Handler Subroutine …
The Solution ** Program: AXAUDTP0 ** Author: Faye Windhorst ** Date Written: 12/22/04 ** Description: This program is the driver for moving records from the ** Audit-Log to the Audit-History file. ** Records on the Audit-Log are unformatted and contained in ** a "chunk of data". This program performs subroutines for ** each Adabas view to format the raw audit data into a ** useable format on the Audit-History file. As records are ** processed and written to Audit-History, they are ** physically deleted from Audit-Log. ** DEFINE DATA GLOBAL USING AXAUDTG0 LOCAL USING AXJCLA1 LOCAL 01 COUNTERS 02 #READ-CTR (N7) 02 #DELETE-CTR (N7) 01 INDICES 02 #MAX-AUTH-IX(N3) INIT <100> 02 #AX-IX (N3) 02 #IX (N3) END-DEFINE (More...)
The Solution READAUDT. READ AUDIT-LOG BY ISN ADD 1 TO #READ-CTR DECIDE FOR FIRST CONDITION WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-CONTRACT-INFO' PERFORM AXACONS0-ACCOUNT-CONTRACT-INFO WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-CONTRACT-PO-INFO' PERFORM AXACPOS0-ACCOUNT-CONTRACT-PO-INFO WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-MASTER-ALL' DECIDE ON FIRST AUDIT-LOG.AUDIT-PROG VALUES 'ISACCTP1', 'ISCNUPP1' PERFORM AXAMALS4-ACCOUNT-MASTER-ACCT * INCLUDES AXAMALS5, AXAMALS6 & AXAMALS7 VALUE 'ISADDRP1' PERFORM AXAMALS8-ACCOUNT-MASTER-ADDRESS NONE PERFORM AXAMALS0-ACCOUNT-MASTER-ALL * INCLUDES AXAMALS1, AXAMALS2 & AXAMALS3 END-DECIDE WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-MASTER-CTL' PERFORM AXAMCTS0-ACCOUNT-MASTER-CTL (MORE…) WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'STATE-CODE-TABLE' PERFORM AXCTSTS0-STATE-CODE-TABLE WHEN ANY IF AUDIT-ET-CTR > 0 ADD 1 TO #DELETE-CTR DELETE (READAUDT.) END TRANSACTION RESET AUDIT-ET-CTR * (MORE…)
The Solution * IF AUDIT-LOG.AUDIT-AUTH-CODE = MASK (999999'-'999999) OR AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('F'999999'-'999999) OR AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('S'999999'-'999999) OR AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('UK OFFICE'...........) EXAMINE AXJCLA1.#AUDIT-AUTH-ARRAY(*) FOR AUDIT-LOG.AUDIT-AUTH-CODE GIVING INDEX #IX IF #IX = 0 #AX-IX := #AX-IX + 1 AXJCLA1.#AUDIT-AUTH-ARRAY (#AX-IX) := AUDIT-LOG.AUDIT-AUTH-CODE END-IF * * if the auth-code-array is full - stop processing and * get the remaining audit-log records on the next pass * IF #AX-IX = #MAX-AUTH-IX ESCAPE BOTTOM END-IF END-IF * END-IF WHEN NONE WRITE 'No audit subroutine for ' AUDIT-LOG.AUDIT-VIEW-NAME '.' END-DECIDE * END-READ * IF #AX-IX > 0 AXJCLA1.#NAT-LIBRARY := 'ISDL' AXJCLA1.#NAT-SOURCE-NAME := 'AXAHJCC1' AXJCLA1.#AUDIT-ARRAY-IX := #AX-IX CALLNAT 'AXJCLN1' AXJCLA1 END-IF * WRITE 15T 'RECORDS READ ' #READ-CTR (EM=Z,ZZZ,ZZ9) / 15T 'RECORDS DELETED' #DELETE-CTR (EM=Z,ZZZ,ZZ9) /// 15T ' *** END OF REPORT *** ' END
The Solution ** MODULE NAME: AXAMALS3 ** AUTHOR: FAYE WINDHORST ** DATE WRITTEN: 12-27-04 ** DESCRIPTION: THIS SUBROUTINE IS PERFORMED AS PART OF AXAUDTP0 TO FORMAT ** ACCOUNT-MASTER-ALL AUDIT DATA FROM AUDIT-LOG INTO A USEABLE ** FORMAT ON AUDIT-HISTORY ** DEFINE DATA GLOBAL USING AXAUDTG0 /* AUDIT-LOG LOCAL USING FXSDELA0 /* SYSDIC-EL (PREDICT FIELD NAME DESCR) LOCAL USING FXAUDHA0 /* AUDIT-HISTORY LOCAL 01 ACTMST-ALL-BEFORE 02 ACCT-NBR (P6) 02 ACCT-SER-CODE (A3) 02 REC-DEL-IND (A1) 02 TERR-CODE (A1) 02 STATE-CODE (A2) 02 ACCT-NAME (A23) (MORE...) 01 REDEFINE ACTMST-ALL-BEFORE 02 BEFORE-CHUNK (A250/1:20) 02 BEFORE-CHUNKX (A228) * 01 ACTMST-ALL-AFTER 02 ACCT-NBR (P6) 02 ACCT-SER-CODE (A3) 02 REC-DEL-IND (A1) 02 TERR-CODE (A1) 02 STATE-CODE (A2) 02 ACCT-NAME (A23) (MORE...) 01 REDEFINE ACTMST-ALL-AFTER 02 AFTER-CHUNK (A250/1:20) 02 AFTER-CHUNKX (A228) END-DEFINE
The Solution DEFINE SUBROUTINE AXAMALS3-ACCOUNT-MASTER-BEFORE-AFTER * ------------------------------------------------------------------------------------------------- ** AUDIT-IMAG = BEFORE IMAGE ** AUDIT-IMAG-TWO = AFTER IMAGE ** MOVE FROM AUDIT FILE INTO VIEW LAYOUTS ** BEFORE-CHUNK (1:20) := AUDIT-IMAG(1:20) BEFORE-CHUNKX := AUDIT-IMAG(21) AFTER-CHUNK (1:20) := AUDIT-IMAG-TWO(1:20) AFTER-CHUNKX := AUDIT-IMAG-TWO(21) RESET FXAUDHA0 MOVE BY NAME AUDIT-LOG TO FXAUDHA0-RECORD FXAUDHA0.ACCT-NBR := ACTMST-ALL-BEFORE.ACCT-NBR FXAUDHA0.SER-CODE := ACTMST-ALL-BEFORE.ACCT-SER-CODE FXAUDHA0.CUST-NBR := ACTMST-ALL-BEFORE.CUST-NBR DECIDE FOR EVERY CONDITION WHEN ACTMST-ALL-BEFORE.TERR-CODE NE ACTMST-ALL-AFTER.TERR-CODE MOVE 'TERR-CODE' TO FXAUDHA0.AUDIT-FIELD-NAME PERFORM LOOKUP-FIELD-DESCRIPTION MOVE ACTMST-ALL-BEFORE.TERR-CODE TO FXAUDHA0.BEFORE-IMAG (1) MOVE ACTMST-ALL-AFTER.TERR-CODE TO FXAUDHA0.AFTER-IMAG (1) PERFORM STORE-AUDIT-HISTORY-RECORD WHEN ACTMST-ALL-BEFORE.STATE-CODE NE ACTMST-ALL-AFTER.STATE-CODE MOVE 'STATE-CODE' TO FXAUDHA0.AUDIT-FIELD-NAME PERFORM LOOKUP-FIELD-DESCRIPTION MOVE ACTMST-ALL-BEFORE.STATE-CODE TO FXAUDHA0.BEFORE-IMAG (1) MOVE ACTMST-ALL-AFTER.STATE-CODE TO FXAUDHA0.AFTER-IMAG (1) PERFORM STORE-AUDIT-HISTORY-RECORD WHEN ACTMST-ALL-BEFORE.ACCT-NAME NE ACTMST-ALL-AFTER.ACCT-NAME MOVE 'ACCT-NAME' TO FXAUDHA0.AUDIT-FIELD-NAME PERFORM LOOKUP-FIELD-DESCRIPTION MOVE ACTMST-ALL-BEFORE.ACCT-NAME TO FXAUDHA0.BEFORE-IMAG (1) MOVE ACTMST-ALL-AFTER.ACCT-NAME TO FXAUDHA0.AFTER-IMAG (1) PERFORM STORE-AUDIT-HISTORY-RECORD (MORE...) WHEN NONE IGNORE END-DECIDE
Connecting Sarbanes to Oxley Questions??? Faye Windhorst Landauer, Inc. 14th NATURAL Conference October, 2006