IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  CARLA query with RETAIN

    Posted Wed May 07, 2025 10:09 AM
      |   view attached

    I am running on a zPDT and I am looking at the CICS transaction definitions, which are vanilla insofar as I have not altered them.

    I have run this Carla script,

    n segment=base retain nopage              
    s c=general and s=base class=gcicstrn     
    sortlist ,                                
      memberkey(8),                           
      PROFILE(10),                            
      class(8),                               
      ACL                                     

    This gives me a report as shown in the uploaded file.

    I see that the lines for CKTI, CNJW and CWDP all have multiple lines, but the MEMBERKEY field is blank, despite the presence of RETAIN on the NEWLIST statement. Why is this?
    Lennie



    ------------------------------
    Lennie Dymoke-Bradshaw
    Director
    Reverse Sweep Consulting Limited
    07504304158
    ------------------------------

    Attachment(s)

    txt
    C2R13C9.report.txt   6 KB 1 version


  • 2.  RE: CARLA query with RETAIN

    Posted Wed May 07, 2025 10:11 AM

    Hi Lennie,

    MEMBERKEY is a repeated field, so it is not affected by RETAIN.

    Regards,
    Jeroen



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM Security zSecure
    Delft
    ------------------------------

    Original Message


  • 3.  RE: CARLA query with RETAIN

    Posted Wed May 07, 2025 10:30 AM

    Ah, a repeated field, as opposed to part of a repeat group. 
    Thanks Jeroen, Lennie



    ------------------------------
    Lennie Dymoke-Bradshaw
    Director
    Reverse Sweep Consulting Limited
    07504304158
    ------------------------------

    Original Message


  • 4.  RE: CARLA query with RETAIN

    Posted Wed May 07, 2025 10:36 AM

    Hi Lennie,

    RETAIN works on fields that are NOT (as in never, cannot be) repeated, to repeat them on the lines generated by values of the fields that are.

    A repeat group is simply a group of (related) fields that always have the same repeat count.

    Regards,
    Jeroen



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM Security zSecure
    Delft
    ------------------------------

    Original Message


  • 5.  RE: CARLA query with RETAIN

    Posted Thu May 08, 2025 03:20 AM

    For grouping profiles, MEMBERKEY holds the transaction names from MEMLST, so it is a repeated field and RETAIN has no grip on it.

    For transaction profiles, MEMBERKEY is filled with the value from PROFILE.

    Consequently, if you want to see the sum of profiles related to a CICS region CICSA, and it lists the grouping and members together, you would write

    SELECT CLASS=%CICSTRN MEMBERKEY=CICSA.*

    If you wanted to export the relevant profiles in a fully retained format, you can think about newlist type=racf_access, see https://www.ibm.com/docs/en/szs/3.1.0?topic=racf-access-connects-permits:

    n type=racf_access nopage              
    select member_class=tcicstrn raclist_merge=yes
    sortlist ,                                
      member_class member_key(17),                           
      class PROFILE(17),
      id access id:name

    Note, there is no need for RETAIN since each entry in this newlist has all the fields filled out.  Also note the underscore in the field names, confusing if you used newlist type=racf before.

    Finally, if you want to export to a spreadsheet, try replacing the NOPAGE keyword with HEADER=CSVT or HEADER=TSVT.  You could also remove the overriding length (17) for this export since fields are automagically cropped.




    Original Message


Related Content