IBM Security Z Security

 View Only
Expand all | Collapse all

List production Userids which are revoked

  • 1.  List production Userids which are revoked

    Posted Wed May 13, 2020 07:20 AM
    ​Hello ALL,
    I use this short caral to list all production users which are revoked:

    newlist type=racf,                  
     TT='List revoked functional userids'
     s c=user s=base mask=I*W*          
     exclude mask=irr*                  
     sortlist profile(8,"Userid"),      
         revoked

    How can I get only the revoked userids and built automatically the following command to resume the revoked userids?

    ALU xxxxxxxxx RESUME

    Thank you for your help
    Rachid
    Bonjour

    ------------------------------
    [Rachid B.] [Kebbi]
    [Security Administrator]
    [C&A]
    [Düsseldorf/Germany]
    ------------------------------


  • 2.  RE: List production Userids which are revoked

    Posted Wed May 13, 2020 08:11 AM
    Hi Rachid,

    adjusting your CARLa program as follows should satisfy that requirement:

    newlist type=racf nopage dd=ckrcmd,
    s c=user s=base mask=I*W* revoke
    exclude mask=irr*
    sortlist "ALU" profile(0) "RESUME"

    Notes:
    • Keyword NOPAGE in the newlist statement suppresses the standard page layout characteristics (page titles, column headers, page numbers) from your output.
    • Note that I have removed your toptitle specification as that is suppressed by the NOPAGE keyword anyway.
    • DD=CKRCMD redirects the output of your CARLa program to work data set CKRCMD. When your program generates ALU ... RESUME commands, you will automatically end up in the CKRCMD work data set after running the CARLa program. Here, you can review and, optionally, adjust or delete the generated RACF commands before execution. When you press F3, you end up on the RESULTS panel. From here, you can specify line command R (to run the commands in the foreground) or J (to submit a batch job to run them).
    • In the SELECT statement, I have added the filter REVOKE to only select user profiles that are revoked.
    • In the SORTLIST statement, I generate the RACF keywords ALU and RESUME as literal strings by putting double quotes around. The PROFILE(0) specification generates the name of the selected user IDs without the trailing blanks. Length output modifier (0) means that trailing blanks should not be printed.
    I hope this helps.
    Regards, Tom Zeehandelaar

    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    Delft
    +31643351728
    ------------------------------