IBM Security Z Security

Expand all | Collapse all

CARLA output in CSV Format

  • 1.  CARLA output in CSV Format

    Posted Thu April 22, 2021 04:06 PM
    Hi All,

    We have upgraded to below:
    Product/Release
    5655-N16 IBM Security zSecure Admin 2.3.1
    5655-N17 IBM Security zSecure Audit for RACF 2.3.1

    Does the zSecure Admin 2.3.1 allow output of RACF information in a CSV format?

    If so, does anyone have any samples of CARLA code that woud produce below dataset report in a dataset into CSV format?
    RACF GROUP W0DB
    Group nesting level 3
    Superior group MIDWEST
    Owner MIDWEST
    Installation data DATABASE/IMS TECH SUPPT - REQUIRES APPROVAL FROM

    RACF GROUP W0DB
    Group nesting level 3
    Superior group MIDWEST
    Owner MIDWEST
    Installation data DATABASE/IMS TECH SUPPT - REQUIRES APPROVAL FROM

    User/Grp Auth R SOA AG Uacc Revokedt Resumedt RI Name
    ------------------------------------------------------ -- ----
    $JOBD20 USE NONE DB2 TECH PROD JOBS
    $JOBIM0 USE NONE IMS T/S PROD JOBS
    BMCP USE NONE IMS STC

    Thanks much!
    Laura

    ------------------------------
    Laura A Bolz
    ------------------------------


  • 2.  RE: CARLA output in CSV Format

    Posted Fri April 23, 2021 02:52 AM
    Hi Laura,

    the zSecure 2.3.1 CARLa Command Reference contains a section that is named "Field headers and automatic formatting" in chapter 1.
    This section contains the following information about producing output in CSV format:

    With HEADER=CSV, output is generated in a format that is ready for most spreadsheet programs, with commas between field values and quotes (only) when
    needed.
    newlist type=racf header=csv
    select class=facility
    sortlist profile owner uacc instdata

    Results in:

    BPX.CONSOLE,BPXOWNER,NONE,"WRITE MESSAGES TO Z/OS CONSOLE"
    BPX.DAEMON,BPXOWNER,NONE,

    With HEADER=CSVT, the column headers are collected in a separate line preceding the variable lines:

    Profile key,Owner,UACC,InstData
    BPX.CONSOLE,BPXOWNER,NONE,"WRITE MESSAGES TO Z/OS CONSOLE"
    BPX.DAEMON,BPXOWNER,NONE,

    Note: Note: you should add any quotes and escapes in overriding field titles, because the headers are generated as is.

    So when you add header=CSV (or CSVT) to the newlist statement in your CARLa program, it should produce the output in CSV format.
    I hope this answers your question sufficiently.

    Best regards, Tom

    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    ------------------------------



  • 3.  RE: CARLA output in CSV Format

    Posted Fri April 23, 2021 09:13 AM

    Thanks Tom.  I've been trying to get the below manual, however, I'm waiting for our tech suppt group to obtain it as they have our IBM Customer # as I don't have that.

     

    Regards,

     

    Laura Bolz

    Security Access Services(SAS)

    Information Risk & Compliance Assurant Global Technology

    (651) 343-9086

    OOO

    Fri., May 21, 2021

     

     

     


     






  • 4.  RE: CARLA output in CSV Format

    Posted Fri April 23, 2021 03:27 AM
    Edited by Rob van Hoboken Fri April 23, 2021 03:34 AM
    You can get this report with following CARLa:
    newlist type=racf pl=0 header=csvt
      select c=group s=base mask=W0DB
      sortlist profile('group'),
               depth('nesting'),
               supgroup('superior'),
               owner('owner'),
               instdata('installation data'),
               userid('userid'),
               userid:connect('connect info'),
               userid:revoke('REVOKED USER',hb),
               userid:revoke_inactive('INACTIVE USER',hb),
               userid:dfltgrp('user default group'),
               userid:instdata('user instdata')

    If you dislike the line at the top with field names, change the code to HEADER=CSV.  I added PL=0 to counter an older defect  in the HEADER parameter.
    The connect attributes are not exported in a single blob of data.  You could replace this by writing

    userid:useracs('auth'),
    userid:grprevok('REVOKED',hb),
    userid:grpspec('SPECIAL',hb),
    userid:grpoper('OPER'),
    userid:grpaudit('AUDITOR',hb),
    userid:grpadsp('ADSP',hb),
    userid:grpacc('GRPACC',hb),
    userid:grpuacc('uacc'),
    userid:cgrevkdt('revokedate'),
    userid:cgresmdt('resumedate'),

    instead of userid:connects

    I copied heavily from the CARLa code generated by RA.G, as follows.  Run a report in RA.G.  Inspect the group list and press F3.  Enter RESULTS in the command line and select COMMANDS.  This is the CARLa that produced the display.
    With recent maintenance in zSecure 2.4, you could also type =CO.L in the command line to jump to the last commands.

    Note, zSecure 2.3.1 is old, like 2018.  Many fixes and useful new capabilities have been added since, in zSecure 2.4.  This release will run fine on older releases of z/OS so (from a technology point of view) you don't to wait for z/OS 2.4 to upgrade zSecure.
    ------------------------------
    Rob van Hoboken
    ------------------------------


  • 5.  RE: CARLA output in CSV Format

    Posted Fri April 23, 2021 09:08 AM

    Thanks Rob.  I'll give the below a shot!

     

    Regards,

     

    Laura Bolz

    Security Access Services(SAS)

    Information Risk & Compliance Assurant Global Technology

    (651) 343-9086

    OOO

    Fri., May 21, 2021

     

     

     


     






  • 6.  RE: CARLA output in CSV Format

    Posted Mon April 26, 2021 08:56 AM

    Hi Rob,

     

    The below worked for the comma delimited file for groups. 

     

    As I don't have the CARLA code manual as yet, can you tell me how to produce an access list of users with access >=update?  I coded below and this worked so far:

    newlist type=racf pl=0 header=csv               

      select c=dataset s=base mask=ASG.OPS.**        

      sortlist profile('dataset'),                  

               depth('nexting'),                    

               userid('userid'),                    

               userid:Name,                         

               userid:dfltgrp('user default group') 

     

    Thanks!       

     

    Regards,

     

    Laura Bolz

    Security Access Services(SAS)

    Information Risk & Compliance Assurant Global Technology

    (651) 343-9086

    OOO

    Fri., May 21, 2021

     

     

     


     






  • 7.  RE: CARLA output in CSV Format

    Posted Mon April 26, 2021 09:26 AM
    Edited by Rob van Hoboken Mon April 26, 2021 09:30 AM
    The field USERID in RACF DATASET profiles contains the USERID and GROUP names from PERMITs issued for the profile.  zSecure adds the ACL compound field to make more sense of the permits.  The SUBSELECT ACL function can be used to suppress entries from the report, for example, the NONE and READ permits.  ACL(RESOLVE) calculates how connect groups and user specific permits together arrive at the access level a user enjoys.

    So, if you want to see the USER IDs that have access, you use

    newlist type=racf pl=0 header=csv
      define acl_update_users(resolve) subselect acl(access>read user=*)
      select c=dataset s=base mask=sys1.** acl(access>read)
      sortlist profile('dataset'),
         acl_update_users(aclid,'userid'),
         acl_update_users(aclaccess,'access'),
         acl_update_users:Name,
         acl_update_users:dfltgrp('user default group')

    You will see the dataset field filled in only seldomly.  That is due to the way repeated fields in profile reports are printed.  The non-repeated fields are printed once, at the beginning of the data about a profile, all but the first the value of the repeated fields stand alone on the output line.   You can have the non-repeated fields on all lines by adding RETAIN on the NEWLIST command.

    Also, you will see profiles WITHOUT obvious acl information.  That could be due to the data set having no permits, or due to no users or groups having UPDATE.  You cannot suppress these lines.

    Finally, note that your mask=ASG.OPS.** selects all profiles that match this mask.  If you want ONLY one profile that matches this value EXACTLY, use profile=ASG.OPS.**

    ------------------------------
    Rob van Hoboken
    ------------------------------