  • 1.  Defining a lookup variable based on presence of CSDATA field value for ACL.

    Posted Fri September 12, 2025 09:35 AM

    I have many Access reports where I like to pull in HR data from a Dataset and map fields to the user in the access report. In order to do this properly I need to be able to map to the correct value. For example, if it is a normal human User's single sign-on ID I can simply map to it like acl:#hrfile.#hrid.#hrname (where #hrfile is a deftype and #hrid and #hrname are defined fields from it). However, if this is a Service Account I want to map this to the Owner of the ID, which I can find in CSDATA field OWNER. What I would like to do is define a variable (call it @MAPUSR) that is acl:OWNER if that CSDATA field is populated, or simply the ACLID if it is not. This would allow me to map back to HR dataset information using @MAPUSR as a lookup: @MAPUSR.#hrfile.#hrid.#hrname. The few ways I have tried to do this I have received errors. Is this possible?



    ------------------------------
    Eli Perkins
    ------------------------------


  • 2.  RE: Defining a lookup variable based on presence of CSDATA field value for ACL.

    Posted Fri September 12, 2025 11:06 AM

    Hi Eli,

    I cannot think of a way of doing that.

    If you want this data as a last column in a printed report, you might use two DEFINEd variables with WHERE clauses for which only one is true at a time, and print them with overriding length 0 and concatenated (field1(0) | field2(0)).

    Otherwise, you might use such a method to populate an intermediate file to do a lookup from the ID to the (potentially) alternate ID.

    Regards



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM zSecure
    Delft
    ------------------------------



  • 3.  RE: Defining a lookup variable based on presence of CSDATA field value for ACL.

    Posted Fri September 12, 2025 03:29 PM

    Thanks for the input Jeroen.

    I am currently doing something similar to what you suggested (below) and am able to get a desirable outcome. This is fine if I am using a CSV formatted output, or if I use a forced header length for one of the values and nothing for the other. I was just hoping for something a bit cleaner and to eliminate the need for both references. I will give the intermediate file reference a try, or maybe it's time to just make the CSDATA consistent for all IDs.

    acl:#hrfile.#hrid.#hrname(0)
    | owner:#hrfile.#hrid.#hrname(0)

    forced header length

    acl:#hrfile.#hrid.#hrname(0,"")
    | owner:#hrfile.#hrid.#hrname(0,"Name                                    ")



    ------------------------------
    Eli Perkins
    ------------------------------



  • 4.  RE: Defining a lookup variable based on presence of CSDATA field value for ACL.

    Posted Mon September 15, 2025 04:48 AM
    Edited by Rob van Hoboken Mon September 15, 2025 04:50 AM

    Hi Eli

    As a first step I would go with Jeroen's 2nd suggestion. Create a flat file with (all) user IDs in the 1st column and the intended value of HRNAME in the 2nd. Use 2 NEWLISTs to write the file, one for your service IDs and the 2nd for all other user profiles (using EXCLUDE LIKELIST=first or NEWLIST NOPROFLIST=first). You can use MERGELIST around the 2 NEWLISTs to get the list ordered alphabetically, but you don't have to; the ID lookup does not care much about alphabetical order.

    I would like to point out that having CFIELD names that overlap existing template field names is a bad idea for CARLa programming.  If you have a field SERVOWN in the user's CSDATA, you can use this name in lookups like so:

    newlist type=racf
      select class=user segment=base
      sortlist profile(8,"Userid") name :servown

    but if your CFIELD is called OWNER, :owner prints the user's RACF OWNER value.

    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 5.  RE: Defining a lookup variable based on presence of CSDATA field value for ACL.

    Posted Thu September 25, 2025 03:27 PM

    Rob,

    Thanks for the input, I will give it a try.

    Also, I agree completely about the CFIELD. I just used OWNER as an example. Learned the hard way when converting from ACF2 to RACF and made a CFIELD called UID to keep some ACF2 history data, which of course prints the OMVS UID.



    ------------------------------
    Eli Perkins
    ------------------------------