IBM Security Z Security

 View Only
  • 1.  How to resolve CKR1348 to report on Custom Fields via XML

    Posted Thu September 16, 2021 10:12 AM
    This is the 1st time I have tried using fileformat=xml.   My report has a mix of fields from the base segment and some from the CSDATA segment.   It seems for all my CSDATA segment fields I am getting the message "CKR1348 12 XML field element name $NAPPOWN invalid XML name - at SYSIN line 37"

    From reading the details on CKR1348 it seems the "$" in the field name may be causing an issue.     With our organization we have a number of fields in the CSDATA segment.   We began all those fields with a "$" to ensure it would not conflict with current or future fields to could be introduced by IBM into RACF.

    Is there a way to still report on my CSDATA fields with XML?     Can I put some statements in my CARLA that basically says XFIELD1 = $FIELD1 and do that for each of the fields in my report.   I would use the "new" XFIELD1 name in my SORTLIST.


    ------------------------------
    Linnea Sullivan
    ------------------------------


  • 2.  RE: How to resolve CKR1348 to report on Custom Fields via XML

    IBM Champion
    Posted Thu September 16, 2021 11:32 AM
    Edited by Rob van Hoboken Thu September 16, 2021 11:35 AM
    XML elements cannot contain a $ sign.  That is not a zSecure/CARLa limitation, but part of the XML standard.

    You must use DEFINE _NAPPOWN AS $NAPPOWN or something similar, and then use _NAPPOWN in your sortlist command.
    Also, literals in SORTLIST commands are not supported for an XML output file.  You can use a dummy boolean field that generates a fixed text, like so

    define my_fixed_value(str$blank("This is a fixed value"),0) true
    sortlist key my_fixed_value

    Or stick with CSV, CSVT or (my favorite) TSVT.
    ------------------------------
    Rob van Hoboken
    ------------------------------


  • 3.  RE: How to resolve CKR1348 to report on Custom Fields via XML

    Posted Thu September 16, 2021 12:20 PM
    ​Thanks, that seemed to work just fine.   Well the job ran successfully.
    It generated the C2REMAIL DD name, but so far I have not seen the email arrive.

    fileoption dd=C2REMAIL fileformat=XML xml_datadict,
    xml_stylesheet=imbed(m=C2RXSL01) encoding=UTF-8
    option mailto=linnea.g.sullivan@wellsfargo.com,
    from=racfmigration@wellsfargo.com outputformat=ATTACH

    CKR1225 00 Email CSDATAU1 at SYSIN line 27 sent to <linnea.g.sullivan@wellsfargo.com>, subject: Listing of Non-Human IDs/Service Acc
    P R I N T S U M M A R Y 16 Sep 2021 11:13 page 5

    Source file/member/lineno Type Records Output file/page Name Title
    SYSIN 17 racf 0 C2REMAIL SELSEGM
    SYSIN 27 racf 9815 C2REMAIL CSDATAU1 Listing of Non-Human IDs/Service Accounts +
    in RACF

    ------------------------------
    Linnea Sullivan
    ------------------------------



  • 4.  RE: How to resolve CKR1348 to report on Custom Fields via XML

    IBM Champion
    Posted Thu September 16, 2021 02:21 PM
    Edited by Rob van Hoboken Mon September 20, 2021 06:59 AM
    This CARLa program relies on JCL parameters to specify how JES2 is going to set up the spool data set for C2REMAIL.  Otherwise, the data set just sits in spool, as it does in your case.  An email data set in spool has to be processed by the CSSMTP started task that (has to) run(s) somewhere in your JES2 network.  Typically, you would see JCL that sets the WRITERID to CSSMTP using

    //C2REMAIL DD SYSOUT=(B,CSSMTP)

    or

    //C2REMAIL DD SYSOUT=(B,CSSMTP),DEST=JES2MAIN.CSSMTP

    Alternatively, you can specify where CSSMTP lives with a CARLa command

    OPTION SMTPCLASS=B SMTPNJENODE=JES2MAIN SMTPWRITER=CSSMTP  

    or, if you have CSSMTP running on substantially all JES2 nodes:

    OPTION SMTPCLASS=B SMTPWRITER=CSSMTP  

    Some installations use the old WRITERID SMTP instead of CSSMTP, and another CLASS value instead of B.  Non-English languages may require use of SMTPATSIGN to match the value specified in the CSSMTP configuration.

    See: ExtWrtName statement and  Options statement

    ------------------------------
    Rob van Hoboken
    ------------------------------


  • 5.  RE: How to resolve CKR1348 to report on Custom Fields via XML

    Posted Sun September 19, 2021 11:47 AM
      |   view attached
    And in case CSSMTP may not be your designated name for your SMTP writer, you can used this technique to determine what it is (many customers adjust default names)
     
    Basically, as shown in attached pdf
     
    1. Run type=as to determine STC name
    Newlist type=as
    Select program=cssmtp
    Sortlist system jobname
    2. Issue a DISPLAY command to get writer name (xxxxx = jobname from step 1)
    /F xxxxx,DISPLAY,CONFIG
    Look for line EXTWRTNAME after EZD1829I message
    EXTWRTNAME.        :  yyyyyy    HOST NAME:  lab1
     
    yyyyy is -your- SMTP writer name
     





    Attachment(s)



  • 6.  RE: How to resolve CKR1348 to report on Custom Fields via XML

    Posted Mon September 20, 2021 03:19 AM
    When setting up CSSMTP it is possible to specify:
    ExtWrtName SMTP
    in the CSSMTP config file so you do not have to change the CARLa code, or alert configuration etc. which already have SMTP as the SMTP writer name.

    ------------------------------
    Mike Riches
    ------------------------------



  • 7.  RE: How to resolve CKR1348 to report on Custom Fields via XML

    Posted Fri September 24, 2021 04:55 PM
    To ensure I has my OPTION set correctly, I know I can send emails via the zSecure panels, so I looked at the OPTION statement that the panels generate.  So I used:

    fileoption dd=C2REMAIL fileformat=XML xml_datadict,
    xml_stylesheet=imbed(m=C2RXSL01) encoding=UTF-8
    option smtpclass=C smtpwriter=CSSMTP smtpatsign=@,
    mailto=linnea.g.sullivan@wellsfargo.com,
    from=racfmigration@wellsfargo.com outputformat=ATTACH

    But that did not seem to help, the job runs successfully but no output is emailed.   I took your other suggestion and changed my C2REMAIL JCL statement to //C2REMAIL DD SYSOUT=(C,CSSMTP)
    That did send me an attached .xml file.

    It took a bit of trial and error to get excel to process the xml file, but finally got it.

    ------------------------------
    Linnea Sullivan
    ------------------------------