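How can an AS400 system record when a user obtains confidential or sensitive information, in order to comply with the Personal Data Protection Act?
On OS400 V6R1 and earlier, this has to be done with the Trigger read event that the system provides.
For details, see: Creating trigger programs
From OS400 V7R1 onward, the Field Procedure feature added in V7R1 can also be used; it lets a program encrypt, decrypt or mask the specified fields.
For details, see: Defining field procedures
This example uses the Trigger read event that the system provides and records the information that was read in a journal.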
File : QRPGLESRC
Member: TRGREADJRN
Type : RPGLE
Usage : CRTBNDRPG QGPL/TRGREADJRN
Before use, the journal DVMJRN that the program writes to must be created, set up as follows:
1. CRTJRNRCV JRNRCV(QGPL/DVMJRNRCV)
2. CRTJRN JRN(QGPL/DVMJRN) JRNRCV(QGPL/DVMJRNRCV)
3. Attach the trigger program to the file
ADDPFTRG FILE(lib/file) TRGTIME(*AFTER) TRGEVENT(*READ) PGM(QGPL/TRGREADJRN) TRG(TRGREADJRN)
DSPFD lib/file shows the Trigger Description that was added.
To remove the trigger program from the file:
RMVPFTRG FILE(LIB/FILE) TRGTIME(*AFTER) TRGEVENT(*READ)
5. Read lib/file with STRDFU or another program
6. DSPJRN JRN(QGPL/DVMJRN) shows a screen similar to the following:
===============================================================================
Display Journal Entries
Journal . . . . . . : DVMJRN Library . . . . . . : QGPL
Largest sequence number on this screen . . . . . . : 00000000000000000012
Type options, press Enter.
5=Display entire entry
Opt Sequence Code Type Object Library Job Time
1 J PR QPADEV000F 11:40:08
2 U DV QPADEV000F 11:41:08
3 U DV QPADEV000F 11:41:08
4 U DV QPADEV000F 11:41:09
5 5 U DV QPADEV000F 11:41:09
6 U DV QPADEV000F 11:41:09
7 U DV QPADEV000F 13:41:46
8 U DV QPADEV000F 13:41:47
9 U DV QPADEV000F 13:41:47
10 U DV QPADEV000F 13:41:48
11 U DV QPADEV000F 13:41:50
12 U DV QPADEV000F 13:41:50
==============================================================================
Display Journal Entry
Object . . . . . . . : Library . . . . . . :
Member . . . . . . . :
Incomplete data . . : No Minimized entry data : *NONE
Sequence . . . . . . : 50
Code . . . . . . . . : U - User generated entry
Type . . . . . . . . : DV
Entry specific data
Column *...+....1....+....2....+....3....+....4....+....5
00001 'QPADEV000FVENGOAL 941887VENGOAL QCUSTCDTC VENG'
00051 'OAL QCUSTCDTC 000000000520120604161956QDZTD00001'
00101 'QTEMP 397267Tyron W E13 Myrtle Dr HectorNY14'
00151 '84110001000000000000 < < '
Bottom
===============================================================================
The recorded information is currently defined as follows:
D JrnEntDtaDs Ds 32767
D jjob 10
D juser 10
D jjobnbr 6
D jcurusr 10
D jfile 10
D jfilelib 10
D jfileMbr 10
D jrrn 10S 0
D jdate 8
D jtime 6
D jpgm 10
D jpgmlib 10
D* filedata
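The first 110 positions hold the fields above; from position 111 onward the entry currently holds the data of the record that was read. Which of the file's information is recorded can be changed as needed.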
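For reviewing the audit trail off the system, the 110-position layout above can be decoded as follows. This is an added example, not part of the original post: the function names are hypothetical, it assumes the entry-specific data was exported as raw bytes in EBCDIC CCSID 37, and the sample entries are constructed to resemble the DSPJRN screen.

```python
from collections import Counter

# (field, width) in the order of JrnEntDtaDs on the page; widths total 110.
LAYOUT = [("jjob", 10), ("juser", 10), ("jjobnbr", 6), ("jcurusr", 10),
          ("jfile", 10), ("jfilelib", 10), ("jfilembr", 10), ("jrrn", 10),
          ("jdate", 8), ("jtime", 6), ("jpgm", 10), ("jpgmlib", 10)]
HEADER_LEN = sum(width for _, width in LAYOUT)

def parse_dv_entry(raw: bytes, codec: str = "cp037") -> dict:
    """Split one DV entry into its header fields and the record image."""
    if len(raw) < HEADER_LEN:
        raise ValueError(f"entry has {len(raw)} bytes, header needs {HEADER_LEN}")
    header = raw[:HEADER_LEN].decode(codec)   # assumption: job CCSID 37
    fields, pos = {}, 0
    for name, width in LAYOUT:
        fields[name] = header[pos:pos + width].rstrip()
        pos += width
    if not fields["jrrn"].isdigit():          # positive zoned decimal = digits
        raise ValueError(f"jrrn is not numeric: {fields['jrrn']!r}")
    fields["jrrn"] = int(fields["jrrn"])
    # Position 111 onward is the record that was read; it may hold packed or
    # binary columns, so it stays as bytes instead of being decoded as text.
    fields["record"] = raw[HEADER_LEN:]
    return fields

def reads_per_user(entries):
    """Count read events per (current user, library/file)."""
    return Counter((e["jcurusr"], f"{e['jfilelib']}/{e['jfile']}") for e in entries)

def make_sample(curusr: str, rrn: int, record: bytes = b"") -> bytes:
    """Constructed test entry modelled on the DSPJRN screen above."""
    values = ["QPADEV000F", "VENGOAL", "941887", curusr, "QCUSTCDTC", "VENGOAL",
              "QCUSTCDTC", f"{rrn:010d}", "20120604", "161956", "QDZTD00001",
              "QTEMP"]
    header = "".join(v.ljust(w) for v, (_, w) in zip(values, LAYOUT))
    return header.encode("cp037") + record

if __name__ == "__main__":
    raws = [make_sample("VENGOAL", 5, b"\x03\x97\x26\x7f"),
            make_sample("VENGOAL", 6), make_sample("AUDITOR1", 5)]
    for (user, obj), n in reads_per_user(map(parse_dv_entry, raws)).items():
        print(f"{user:<10} {obj:<21} {n} read(s)")
```
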
**
** Program . . : TRGREADJRN
** Description : Trigger read event to journal
** Author . . : Vengoal Chang
** Published . : AS400 ePaper
** Date . . . : June 4, 2012
**
**
** Program summary
** ---------------
**
** Journal & commit API:
** QJOSJRNE Send journal entry Writes a single journal entry to a
** specific journal. The entry can
** contain any information. You can
** assign an entry type to the
** journal entry.
**
**
** Compile and setup instructions:
** CrtBndRpg Pgm( TRGREADJRN )
**
**
**-- Control specifications: -------------------------------------------**
H Debug Option(*SrcStmt:*NoDebugIo) DftActGrp(*NO)
**-- API error information:
D ERRC0100 Ds Qualified
D BytPro 10i 0 Inz( %Size( ERRC0100 ))
D BytAvl 10i 0
D MsgId 7a
D 1a
D MsgDta 256a
**-- System information:
D PgmSts SDs Qualified
D PgmNam *Proc
D MsgId 7a Overlay( PgmSts: 40 )
D Msg 80a Overlay( PgmSts: 91 )
D CurJob 10a Overlay( PgmSts: 244 )
D UsrPrf 10a Overlay( PgmSts: 254 )
D JobNbr 6a Overlay( PgmSts: 264 )
D CurUsr 10a Overlay( PgmSts: 358 )
**-- Send program message:
D SndPgmMsg Pr ExtPgm( 'QMHSNDPM' )
D SpMsgId 7a Const
D SpMsgFq 20a Const
D SpMsgDta 128a Const
D SpMsgDtaLen 10i 0 Const
D SpMsgTyp 10a Const
D SpCalStkE 10a Const Options( *VarSize )
D SpCalStkCtr 10i 0 Const
D SpMsgKey 4a
D SpError 32767a Options( *VarSize )
**-- Send journal entry:
D SndJrnE Pr ExtPgm( 'QJOSJRNE' )
D SjJrnNamQ 20a Const
D SjJrnEntInf 4096a Const Options( *VarSize )
D SjEntDta 32766a Const Options( *VarSize )
D SjEntDtaLen 10i 0 Const
D SjError 32767a Options( *VarSize )
**
D JrnEntInf Ds Qualified
D InfEntRcds 10i 0 Inz( 1 )
D InfKey1 10i 0 Inz( 1 )
D InfLen1 10i 0 Inz( %Size( JrnEntInf.InfDta1))
D InfDta1 2a
D* InfKey2 10i 0 Inz( 2 )
D* InfLen2 10i 0 Inz( %Size( JrnEntInf.InfDta2))
D* InfDta2 20a
D* InfKey3 10i 0 Inz( 3 )
D* InfLen3 10i 0 Inz( %Size( JrnEntInf.InfDta3))
D* InfDta3 10a
**
**-- Send escape message:
D SndEscMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Trigger buffer:
D trgBuffer DS 32767
D tbFile 10
D tbLib 10
D tbMbr 10
D tbEvnt 1
D tbTime 1
D tbComt 1
D tbFill01 3
D tbCCSID 10I 0
D tbRRN 10I 0
D tbFill02 4
D tbOldOffset 10I 0
D tbOldLength 10I 0
D tbOldNullOff 10I 0
D tbOldNullLen 10I 0
D tbNewOffset 10I 0
D tbNewLength 10I 0
D tbNewNullOff 10I 0
D tbNewNullLen 10I 0
**
D JrnEntDtaDs Ds 32767
D jjob 10
D juser 10
D jjobnbr 6
D jcurusr 10
D jfile 10
D jfilelib 10
D jfileMbr 10
D jrrn 10S 0
D jdate 8
D jtime 6
D jpgm 10
D jpgmlib 10
**
** Trigger Buffer Length Field
D trgBufferLen S 10I 0
** Constants
** Possible values for Event
D DbActIns C '1'
D DbActDlt C '2'
D DbActUpd C '3'
D DbActRead C '4'
** Possible values for Time
D DbTimBfr C '1'
D DbTimAft C '2'
** Possible values for Commitlocklev
D Cmtnone C '0'
D Cmtchange C '1'
D Cmtcs C '2'
D Cmtall C '3'
**
D GetCaller PR Extpgm('QWVRCSTK')
D Var 2000
D VarLen 10I 0
D CStkFmt 8 CONST
D JobIdInfo 56
D JobIdFmt 8 CONST
D ApiErr 15
**
D Var DS 2000
D BytAvl 10I 0
D BytRtn 10I 0
D Entries 10I 0
D Offset 10I 0
** Stand Alone variables
D VarLen S 10I 0 Inz(%size(Var))
D ApiErr S 15
D Doffset S 10I 0
**
D JobIdInf DS
D JIDQName 26 Inz('*')
D JIDIntID 16
D JIDRes3 2 Inz(*loval)
D JIDThreadInd 10I 0 Inz(1)
D JIDThread 8 Inz(*loval)
**
D Entry DS 256
D EntryLen 10I 0
D PgmNam 10 Overlay(Entry:25)
D PgmLib 10 Overlay(Entry:35)
**
D i S 5 0
D JIDUser S 10 inz(*user)
D JIDDate S D Inz(*sys)
D JIDTime S t inz(*sys)
D MsgKey s 4a
**********************************************************************
*
* PLISTS
*
**********************************************************************
C *Entry plist
C parm trgBuffer
C parm trgBufferLen
**********************************************************************
*
* Main lines
*
**********************************************************************
/free
ExSr GetCallerID;
if tbEvnt = DbActRead;
jjob = PgmSts.CurJob;
jUser = PgmSts.UsrPrf;
jJobNbr = PgmSts.JobNbr;
jCurUsr = PgmSts.CurUsr;
jfile = tbFile;
jfilelib = tbLib;
jfileMbr = tbMbr;
jrrn = tbRRN;
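// Take the current date and time on every call: JIDDate and JIDTime are
// set by Inz(*sys) only when the program is first initialized.
jdate = %char(%date():*iso0) ;
jtime = %char(%time():*hms0) ;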
jpgm = PgmNam ;
jpgmlib = PgmLib ;
JrnEntInf.InfDta1 = 'DV';
// JrnEntInf.InfDta2 = tbFile + tbLib;
// JrnEntInf.InfDta3 = tbMbr;
%SubSt(JrnEntDtaDS : 111) =
%SubSt(trgBuffer : tbOldOffset + 1 : tbOldLength);
SndJrnE( 'DVMJRN *LIBL '
: JrnEntInf
: JrnEntDtaDs
: tbOldLength + 110
: ERRC0100
);
if (ERRC0100.BytAvl > 0);
SndEscMsg( ERRC0100.MsgID + ERRC0100.MsgDta );
endIf;
endif;
return;
/end-free
*=====================================================================
*
* Get Caller ID
*
*=====================================================================
C GetCallerID begsr
C callp GetCaller(Var:VarLen:'CSTK0100':JobIdInf
C :'JIDF0100':ApiErr)
C FOR i = 1 TO Entries
C eval Entry = %subst(Var:Offset + 1)
C if pgmnam <> PgmSts.PgmNam and
C pgmlib <> 'QSYS'
C leave
C endif
C eval Offset = Offset + EntryLen
C Endfor
C* pgmnam dsply
C* pgmlib dsply
C endsr
**-- Send escape message: ----------------------------------------------**
P SndEscMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
/Free
SndPgmMsg( 'CPF9898'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*ESCAPE'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndEscMsg E
A blog about IBM i (AS/400), MQ and other things developers or Admins need to know.
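Wednesday, November 08, 2023
2012-06-06 How can an AS400 system record when a user obtains confidential or sensitive information, in order to comply with the Personal Data Protection Act?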