IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Populating zSecure Mass Update Functions with External Data

    Posted 4 days ago

    Hello everyone,

    I have a somewhat bold question: zSecure provides mass update functions, such as DELETE. The advantage is that, via the CKFREEZE file, all user data sets and aliases are also deleted. In the panel, however, you can manually enter a maximum of 10 users.

    Is there a way to feed the users from an external file into this function and have the commands generated from it? Background: We have hundreds of users that can be cleaned up and deleted. Entering all of them manually is tedious.

    Best regards,
    Stephan



    ------------------------------
    Stephan Reichelt
    ------------------------------


  • 2.  RE: Populating zSecure Mass Update Functions with External Data

    Posted 4 days ago
    Edited by Ronald van der Laan 4 days ago

    Stephan,

    RA.4.4 (Delete user) just generates CARLa statements, so that the CKRCARLA engine can do the heavy lifting.
    You can just run it for a single user with all your preferences set, and after running the function run the RESULTS command and look at the COMMANDS file.
    At a minimum, that contains a line like "REMOVE USER byebye"

    If you take that COMMANDS file as template, you can add as many "REMOVE USER xyz" lines as you want.
    You can either create some JCL, or use the CARLA command to run or submit your deletions.



    ------------------------------
    Ronald van der Laan
    ------------------------------



  • 3.  RE: Populating zSecure Mass Update Functions with External Data

    Posted 4 days ago

    Hi Stephan,

    The zSecure function called Delete in the interface is the CARLa command REMOVE USER.

    At a first cut level, it is a matter of generating REMOVE USER=userid commands.
    (And depending on the extra options you would specify, you would add some SUPPRESS commands and the like.)

    That can be done in various ways with using DEFTYPE and DEFINE to map the contents on the external file and then run a query like

    DEFTYPE TYPE=$
ALLOC TYPE=$ DSN=my.data.set
DEFINE userid as <something-based-on-external-file-layout>
NEWLIST TYPE=$
SORTLIST 'REMOVE USER=' | userid

    And then the resulting commands could be run in a different step or pass.

    Regards,



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM zSecure
    Delft
    ------------------------------



  • 4.  RE: Populating zSecure Mass Update Functions with External Data



Related Content