Hi Danilo,
Some additions to what I wrote yesterday.
It is easy to suppress the duplicates from the simple form by just adding the NODUP keyword.
As to the other approach... I did not check if the format in which this data is contained in the RACF database is an authorized interface.
As to the form of the entries, "appear to have" is right--this is actually the result of zSecure interpreting and modifying the values before showing them.
It turns out that the overriding format $MEMLST will just show the category name, so using that avoids any parsing risk of a '=' being in the name.
Avoiding printing the " HWM" entry does appear to need the complex DEFINE.
But since the lookup is from the name to the hexadecimal value, it is not a problem that the hexadecimal value shows up on two rows.
That means that if you would want to go this route, this much simpler query would suffice:
n type=racf nopage
s c=secdata key=category
list memlst(hex 4) memlst($memlst)
However, taking the safest approach, it could work with the following steps:
1. generate the lookup file
2. use the result to write the query-generating query against
3. run the actual query.
Like so:
1. Generate all values in use in the database
alloc type=output dd=cat dsn=crmbjti.carla(cat)
n type=racf nopage dd=cat nodup
s exists(category)
sortlist category(hex 4) category(0)
2. Use one of the two-pass query mechanisms (in either the UI or the sample JCL) to generate and run the query:
deftype type=cat
alloc type=cat dsn=crmbjti.carla(cat)
def type=cat hexvalue as substr(record,1,4)
def type=cat categoryname as substr(record,6)
n type=cat nopage dd=ckr2pass
s categoryname=CSR
sortlist `n n=based1 segment=base` /,
`s s=base c=dataset category='` |,
categoryname:cat.categoryname.hexvalue(0) | `'X` /,
`sortlist complex key(44,wrap) category instdata`
I hope this helps.
Regards,
------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft
------------------------------
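An added illustration, not part of the thread and not zSecure code: the same lookup-then-generate idea done outside CARLa, failing closed when a category name is missing or ambiguous on a system. It assumes the pass-1 file has the hex value in columns 1-4 and the name from column 6, as the DEFTYPE definitions above imply; the sample records and the function names are constructed.

```python
import re

# Constructed sample of the pass-1 output: hex value in columns 1-4,
# category name from column 6 (the layout the DEFTYPE in the post assumes).
SAMPLE_LOOKUP = """\
0009 CAT1
000A CSR
000A CSR
0011 PAYROLL
"""

def parse_lookup(text):
    """Return {category name: 4-digit hex index} from fixed-position records."""
    table = {}
    for lineno, record in enumerate(text.splitlines(), 1):
        if not record.strip():
            continue
        hexvalue, name = record[0:4].upper(), record[5:].strip()
        if not re.fullmatch(r"[0-9A-F]{4}", hexvalue) or not name:
            raise ValueError(f"line {lineno}: malformed record {record!r}")
        # Duplicate rows are harmless; the same name with two values is not.
        if table.setdefault(name, hexvalue) != hexvalue:
            raise ValueError(f"line {lineno}: {name} maps to two values")
    return table

def build_query(table, category):
    """Emit the report query from the thread for one category name."""
    try:
        hexvalue = table[category]
    except KeyError:
        raise LookupError(f"category {category!r} not defined on this system")
    return "\n".join([
        "n n=based1 segment=base",
        f"s s=base c=dataset category='{hexvalue}'x",
        "sortlist complex key(44,wrap) category instdata",
    ])

if __name__ == "__main__":
    print(build_query(parse_lookup(SAMPLE_LOOKUP), "CSR"))
```

Raising on an unknown name keeps a system where the category is not defined from silently producing an empty report.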
Original Message:
Sent: Tue December 14, 2021 09:18 AM
From: Jeroen Tiggelman
Subject: Field RACF CATEGORY: A hexadecimal (internal) value must be specified
Hi Danilo,
The issue is that the "conversion" indicated in the RACF database itself is not available yet at the time the SELECT statement is evaluated in that run. So if you want to use a conversion based on this information, you would need to do that prior to the run. Which could possibly be by doing another run that processes the conversion present in the RACF database.
In this case, I think the way to go would be to produce a lookup file that lists the CATEGORY name and its hexadecimal value side by side, and then use that as a DEFTYPE input file and generate the real query.
In its simplest form that could be generated with this query:
n type=racf nopage
s exists(category)
sortlist category(hex 4) category(0)
Although this would likely produce many duplicates. (You could run an extra pass to filter those out. :/)
(SUMMARY does not work instead of SORTLIST because this is a repeated field.)
I believe that conversion is contained in the RACF database in the CATEGORY profile in the SECDATA class. If you print the MEMLST (repeated) field, the entries appear to have the form categoryname=decimalvalue.
Provided that your category names do not contain '='--I did not check the RACF syntax if that might be valid--you could also write a lookup file by formatting that MEMLST, like so:
n type=racf nopage
s c=secdata key=category
def categoryname(char 0) as word(memlst,1,'=')
def hexvalue(0 hex) as convert(word(memlst,2,'='),decimal,decimal)
sortlist hexvalue categoryname
Hmmm.. but this appears to generate an extra " HWM" entry that probably should be ignored (and duplicates the last valid category).
You can probably achieve that by using this DEFINE instead:
def hexvalue(8 hex) as
convert(word(word(memlst,1,' '),2,'='),decimal,decimal)
which masks away the entry that starts with a blank from being converted.. but would break any values that contained a valid blank (if that is possible).
Anyway... spent quite a bit of time on this, I hope this gives you some sense of what direction you might or might not want to try. (And perhaps someone else can take it from here? :-))
Let me know if you have additional questions.
Regards,
------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft
Original Message:
Sent: Mon December 13, 2021 07:42 AM
From: Danilo Farias
Subject: Field RACF CATEGORY: A hexadecimal (internal) value must be specified
Hi Jeroen,
This is an old topic, but I am kind of reviving it because I have other questions. (I hope you don't mind)
We are actually using the same CARLa code to identify RACF profiles with a specific value in the CATEGORY field in all systems we support. The problem is that even though the character value in the CATEGORY field is the same, the hexadecimal value will change in each system. As you said, if the hexadecimal value is some kind of index, it will be different in each system, and I already checked that. In this case, we can not use the same code because the HEX value will not be the same, and since we can not select the field by its character value, we have a problem.
Question: is it possible to convert this field into something selectable, that is not the hex index value? If not, we will have to find another way to automatically identify the hex value on each system, and somehow change the CARLa code automatically.
Thanks in advance
------------------------------
Danilo Farias
Original Message:
Sent: Thu August 12, 2021 02:08 AM
From: Jeroen Tiggelman
Subject: Field RACF CATEGORY: A hexadecimal (internal) value must be specified
Hi Gabriel,
The RACF data set profile contains "index numbers" that identify the CATEGORYs. In order to translate those numbers to names, other RACF profiles need to be consulted. Selection support has been built in such a way that this lookup cannot reliably be done in that phase, so you must specify the "index number" and not the name of the category for the record selection.
If you print the CATEGORY field in hexadecimal (with overriding output format HEX), you can see the index number in that format:
sortlist complex key(44,wrap) category CATEGORY(HEX)
might yield something in this format:
Complex  Profile key                       Ctgry  Ctgry
SECDATA  GTST1.NONEXIST.DISCRETE.PROFILE1  CAT1   0009
You cannot use CAT1 for the selection, but must use the 0009.
Your selection might look like this:
s s=base c=dataset category='0009'x
Note that putting the value in quotes and appending an X indicates that you are specifying a number in hexadecimal.
Regards,
------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft
Original Message:
Sent: Wed August 11, 2021 03:51 PM
From: Gabriel Vicoso Amaral
Subject: Field RACF CATEGORY: A hexadecimal (internal) value must be specified
A customer wants to select CATEGORY=CSR in this report:
n n=based1 segment=base
s s=base c=dataset /* category=csr */
sortlist complex key(44,wrap) category instdata
But CATEGORY can't be used in SELECT.
We have this information in CATEGORY dictionary: "This field is found in USER, DATASET, and GENERAL profiles. For SELECT/EXCLUDE processing, a hexadecimal (internal) value must be specified. It is a repeated field listing the security categories to which the user has access, or to which the data set or resource belongs. The number of security categories is listed in the NUMCTGY field."
Question: What does "hexadecimal (internal) value must be specified" mean? What am I supposed to use in this field?
Or do you have another suggestion?
Thanks!
------------------------------
Gabriel Vicoso Amaral
------------------------------