  • 1.  zSecure CARLa -- Resolving RACFVARS Profiles

    Posted Tue December 17, 2019 08:42 AM
    Greetings all, back with another CARLa question to tackle.

    Is there a way to "explode" the contents of a RACFVARS profile in a CARLa query? For example I have a query such as below:

    newlist type=RACF nopage retain
    define sub_acl(resolve) subselect acl(exists(user))
    SELECT CLASS=JESSPOOL
    SORTLIST class(8), key(44,'Resource'),
    sub_acl(resolve,'User Access Group')

    Which returns results like such:

    JESSPOOL &RACLNDE.ADAM1*.** USER1   ALTER GROUP
    JESSPOOL &RACLNDE.ADAM1*.** USER2   ALTER GROUP

    But let's say in the &RACLNDE profile in the RACFVARS class I have SYSTEM1 and SYSTEM2, in this case I'd like to resolve the profile results to something like such:

    JESSPOOL SYSTEM1.ADAM1*.** USER1   ALTER GROUP
    JESSPOOL SYSTEM1.ADAM1*.** USER2   ALTER GROUP
    JESSPOOL SYSTEM2.ADAM1*.** USER1   ALTER GROUP
    JESSPOOL SYSTEM2.ADAM1*.** USER2   ALTER GROUP

    Is this possible, and if so how?



    ------------------------------
    Adam Klinger
    ------------------------------


  • 2.  RE: zSecure CARLa -- Resolving RACFVARS Profiles

    Posted Tue December 17, 2019 09:47 AM
    Edited by Rob van Hoboken Wed December 18, 2019 02:39 AM
    RFE I'm afraid.
    One of the challenges would be to (efficiently) print the results of the following naming convention for Command Verifier:
    rdefine racfvars &num addmem(0,1,2,3,4,5,6,7,8,9)
    rdefine xfacilit c4r.group.id.d&num&num&num&num uacc(none) /* numeric department group */

    ------------------------------
    Rob van Hoboken
    ------------------------------


  • 3.  RE: zSecure CARLa -- Resolving RACFVARS Profiles

    Posted Tue December 17, 2019 10:10 AM
    Edited by Adam Klinger Tue December 17, 2019 10:51 AM
    Thanks, one thing which caught my eye is the "RACLIST_MERGE" option... I suppose that's not viable in this situation?

    Edit: Apparently not as explained, RFE 138989 opened!

    ------------------------------
    Adam Klinger
    ------------------------------
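
Until CARLa can do this itself, the expansion asked for in post 1 can be done outside zSecure on exported report rows. The following is an added example, not code from the thread or from zSecure: the RACFVARS members are supplied by hand as a dictionary, the `&` token syntax in the regular expression is an assumption, and the `limit` guard exists because of the cartesian growth shown by the `&num&num&num&num` profile in post 2.

```python
import itertools
import re

# Assumption: a variable reference is "&" plus 1-7 alphanumeric/national characters.
VAR_TOKEN = re.compile(r"(&[A-Za-z0-9#@$]{1,7})")

def _choices(key, racfvars):
    """For each fragment of the key, the list of strings it can stand for."""
    out = []
    for i, piece in enumerate(VAR_TOKEN.split(key)):
        # Odd positions are the captured variable tokens; names are matched in upper case.
        members = racfvars.get(piece.upper()) if i % 2 else None
        out.append(list(members) if members else [piece])  # undefined variable stays literal
    return out

def expansion_count(key, racfvars):
    """Number of resolved keys, computed without generating them."""
    n = 1
    for c in _choices(key, racfvars):
        n *= len(c)
    return n

def expand_key(key, racfvars, limit=1000):
    """All resolved keys; refuses expansions larger than `limit`."""
    n = expansion_count(key, racfvars)
    if n > limit:
        raise ValueError(f"{key}: {n} resolved keys exceeds limit {limit}")
    return ["".join(p) for p in itertools.product(*_choices(key, racfvars))]

def expand_report(lines, racfvars, limit=1000):
    """Expand the key column of 'CLASS KEY rest' rows, sorted by class and key."""
    rows = []
    for line in lines:
        cls, key, rest = line.split(None, 2)
        rows += [(cls, k, rest) for k in expand_key(key, racfvars, limit)]
    rows.sort(key=lambda r: r[:2])  # stable sort: rows for one key keep input order
    return [" ".join(r) for r in rows]

# Constructed inputs, built from the values quoted in the thread.
RACFVARS = {"&RACLNDE": ["SYSTEM1", "SYSTEM2"], "&NUM": list("0123456789")}
SAMPLE = ["JESSPOOL &RACLNDE.ADAM1*.** USER1   ALTER GROUP",
          "JESSPOOL &RACLNDE.ADAM1*.** USER2   ALTER GROUP"]

if __name__ == "__main__":
    print("\n".join(expand_report(SAMPLE, RACFVARS)))
    print(expansion_count("c4r.group.id.d&num&num&num&num", RACFVARS))
```

The two sample rows resolve to the four rows requested in post 1, while the Command Verifier profile from post 2 counts 10,000 resolved keys and is rejected at the default limit.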