Hi José,
Yes, indeed it is possible to use this RECREATE user ID process via batch. The SCKRCARL member that is named CKRXRUS can be used for this purpose. One way of creating such a batch job using the zSecure user interface that performs a RECREATE of a user ID is as follows:
- Make sure that you allocate the UNLOAD data set containing the user ID that you want to recreate as input in Setup files (option SE.1).
- Next, access the CARLa editor with primary command CARLa or use option CO.C and enter the following CARLa code:
newlist type=racf name=idsel outlim=0
select class=user key=<-- type the user ID to be recreated here!
sortlist class key
i m=ckrxrus
- The first 3 lines determine the user ID(s) that are to be recreated and assign the name IDSEL (for ID selection).
- This IDSEL pre-selection is passed on as input for member CKRXRUS.
- The outlim=0 specification means that you do not want this newlist to produce output.
- The select statement defines which user ID is to be recreated.
- When you want to recreate multiple user IDs simultaneously, you can code it as "select class=user key=(user1,user2,user3, etc.)"
- The sortlist feeds class "user" and the name of the user ID to member CKRXRUS to process.
- The "i m=ckrxrus" statement includes the member named CKRXRUS from the allocated SCKRCARL library.
- Enter command SUBMIT (or SUB) to indicate that you want to run this CARLa in the background.
- This command shows the "Submit menu". Here, you can add a valid job card for the job on your system. Use option 3, for Submit, to run the recreate job. If all is well, the job produces the appropriate RACF commands to recreate your selected user ID. Optionally, you can add an extra step that executes the generated commands.
- Alternatively, you can use option 2, for Edit, which allows you to edit (clean up the JCL to your desired standard) and save the job as a recreate user ID job in your company's job library for future use.
Regards, Tom
------------------------------
Tom Zeehandelaar
z/OS Security Enablement Specialist - zSecure developer
IBM
Delft
+31643351728
------------------------------
Original Message:
Sent: Tue March 09, 2021 05:46 AM
From: José Villela Ribeiro Júnior
Subject: How to execute CARLa COPY commands after a SORTLIST ?
Hi Tom,
I agree with your considerations and concerns using COPY commands copying from multiple to a specific user ID. It was my first idea to have "backup commands" to recreate deleted user IDs when necessary.
In this first solution idea I wanted to avoid using RACF Backup or UNLOAD to do this, including some additional steps via zSecure Online, because that solution would be done via batch jobs.
Now, based on the solution to use a RACF UNLOAD created daily via GDG, is it possible to use the RECREATE process via batch?
Thanks Tom.
Jose Villela
------------------------------
José Villela Ribeiro Júnior
Original Message:
Sent: Tue March 09, 2021 03:45 AM
From: Tom Zeehandelaar
Subject: How to execute CARLa COPY commands after a SORTLIST ?
Hi José,
Frankly, I have no clue why you would want to do this?
Even if you could find a way to successfully bypass the CKR0535 and CKR0536 messages and generate copy commands resulting from multiple user IDs to a single target user ID, you would not know which were the original user IDs that contributed to these commands for the target user ID, "USERBKP" in your scenario. There would be no way to restore a contributing deleted user ID to its original state using the RACF command generated for "USERBKP".
Furthermore, recreating/copying an (unintentionally) deleted user ID can easily be performed when you keep RACF backups and/or zSecure UNLOAD data sets that still contain the original user ID that is deleted from the primary active RACF db. When you allocate one of these input sources to your CARLa script, it would be easy to restore that deleted user ID in its original state.
I guess what I am failing to see is what is the goal of your CARLa script, what business problem are you trying to solve?
HTH Tom
Original Message:
Sent: Sun March 07, 2021 03:29 PM
From: José Villela Ribeiro Júnior
Subject: How to execute CARLa COPY commands after a SORTLIST ?
Hi guys,
I have a CARLa script that is creating CARLa COPY commands in the Sortlist.
How can I run these CARLa commands in the same or another CARLa script?
The CARLa script is:
select c=user s=base cggrpnm=consult
sortlist " COPY USER=" | key(0) " TOUSER=USERBKP"
In the second step I need to "bypass" the CARLa restriction to COPY different user IDs to the same ID, in this case USERBKP.
I've tried to use the suppress message(0535,536), but it doesn't "bypass" that restriction.
The intention is to create all RACF commands to recreate a deleted user ID. The delete reason is to follow the customer procedure to delete revoked IDs after 30 days. But, we know, they want to save the user ID settings to recreate it if necessary.
Do you have any idea how to do this using CARLa? By COPYING or another way?
Thanks
Jose Villela