IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  zSecure CARLa: Display "Repeat" Fields Same Number of Times

    Posted Thu May 14, 2020 11:39 AM
    Hello, I'm trying to use CARLa like such:

    NEWLIST TYPE=RACF PL=0 RETAIN
SELECT CLASS=USER SEGMENT=CSDATA KEY=MYID
sortlist key(8,'UserID') :CGGRPNM("Connect Group") $CSDKEY("Key Val")​

    This provides me results like such:
    UserID   Connect  Key Val
MYID     MYGROUP  00000000​


    However I only am able to get the "first" occurrence of Connect Group. and would like to see them all, with the output matching more along the lines of:

    UserID   Connect  Key Val
MYID     MYGROUP  00000000​
MYID     GROUP2   00000000​
MYID     GROUP3   00000000​
MYID     GROUP4   00000000​
MYID     GROUP5   00000000​


    Is this possible? Basically to display all the CGGRPNM values with the $CSDKEY value next to it (as the same value over and over, matching the number of connect groups)

    Hopefully that makes sense



    ------------------------------
    Adam Klinger
    ------------------------------


  • 2.  RE: zSecure CARLa: Display "Repeat" Fields Same Number of Times

    Posted Thu May 14, 2020 01:16 PM
    Hi Adam,

    I did not test this with a CSDATA segment (I used a TSO segment), but I think you could do something like:

    NEWLIST TYPE=RACF PL=0 RETAIN
    SELECT CLASS=USER SEGMENT=CSDATA KEY=MYID
    DEF LITERAL("Group" 6 blank$hdr) TRUE
    sortlist key(8,'UserID') connects(universal 8 "Connect") | literal $CSDKEY("Key Val")​

    [where I added the literal to show how to generate a wider header if you like, as the 8 is a hard column width.]

    HTH,

    --Jeroen

    ------------------------------
    Jeroen Tiggelman
    Software Development and Level 3 Support Manager IBM Security zSecure Suite
    IBM
    Delft
    ------------------------------



  • 3.  RE: zSecure CARLa: Display "Repeat" Fields Same Number of Times

    Posted Thu May 14, 2020 01:20 PM
    And then I remembered we have a CONNECTID format, so we don't need to keep the width at 8. :-)

    connects(universal 14 "Connect Group" connectid)

    --JJW

    ------------------------------
    Jeroen Tiggelman
    Software Development and Level 3 Support Manager IBM Security zSecure Suite
    IBM
    Delft
    ------------------------------

    Original Message


  • 4.  RE: zSecure CARLa: Display "Repeat" Fields Same Number of Times

    Posted Thu May 14, 2020 02:55 PM
    Thanks! I see how this helps since "connects" isn't a repeat field.

    ------------------------------
    Adam Klinger
    ------------------------------

    Original Message


  • 5.  RE: zSecure CARLa: Display "Repeat" Fields Same Number of Times

    Posted Fri May 15, 2020 03:34 AM
    Hi Adam,

    Glad to be of assistance.

    FTR, the problem is not that CGGRPNM is a repeated field per se, but that you are doing a lookup to a repeated field, which returns only the first value.

    CGGRPNM is a field in the RACF database, part of the CGGRPCT repeat group in the USER BASE segment.

    CONNECTS is a repeated pseudo-field specifically provided by CARLa to work more easily with CONNECT information. While the value of CGGRPNM is readily picked up directly from the USER BASE segment, CONNECTS combines information from USER BASE segments with information from GROUP BASE segments. Since the order of those segments in the database is not defined and at least some queries read the database sequentially, the values are only generated by the program after finishing the database read [around the same time most lookups are done for similar reasons] from data structures built up during the database read. For this reason, it is just as easily generated for segments other than BASE. (But when I tested it, it appeared that it was designed with only the BASE segment in mind. I added the UNIVERSAL modifier to trigger building up a complete image of all CONNECTs in the database during database read instead of only those related to information found in the segments being stored in the run anyway.)

    Regards,

    --Jeroen

    ------------------------------
    Jeroen Tiggelman
    Software Development and Level 3 Support Manager IBM Security zSecure Suite
    IBM
    Delft
    ------------------------------

    Original Message


  • 6.  RE: zSecure CARLa: Display "Repeat" Fields Same Number of Times

    Posted Fri May 15, 2020 03:40 AM
    Edited by Rob van Hoboken Fri May 15, 2020 03:52 AM
    Adam,
    Connects is a repeated field, but Jeroen found an undocumented side effect that does not apply to normal RACF fields.  Normally, you can only print a field if you have SELECTED the segment that this field is part of.  You would have found out when you added CGGRPNM (the list of connect groups) into the SORTLIST command: CGGRPNM would have remained empty because this field exists in the BASE segment.
    CONNECTS, however, combines information from USER and GROUP profiles, even when these are not in the SELECT command, and therefore is able to show the connect info even though it is missing in the CSDATA segment.  Without more parameters, CONNECTS is efficient.  It only looks for the user's connect groups which it found in the BASE segment.  But the base segment was skipped, so using UNIVERSAL, Jeroen ensured that ALL users and groups are processed... That is ... wow... nice.
    You mentioned that the :CGGRPNM lookup field only showed the first connect group name.  Yes, lookup is possible to a non-repeated field in the BASE segment, and if you apply it to a repeated field, it only shows the first entry (without warning).  This is known feature.

    ------------------------------
    Rob van Hoboken
    ------------------------------


Related Content