IBM Security Z Security

 View Only
  • 1.  Display User's Group Hierarchy

    Posted Fri May 15, 2020 11:12 AM
    We are migrating a lot of our batch reporting from TSS to RACF.   On the TSS ACID you can basically see the hierarchy of the user.  The user is owned by a Department, which is owned by a Division, which is owned by a Zone.   For us this basically shows the user's organizational structure.    So they have some reporting in TSS that shows something like:

    USERID          DEPT              DIV            ZONE
    USER123       Branch23     SEAST       RETAIL
    USER456       Branch67     NWEST      RETAIL

    Is there a way in Carla to list all users, but show the current owning group, and the superior groups above it.  Like the 2 superior groups above it?

    Thanks

    ------------------------------
    Linnea Sullivan
    ------------------------------


  • 2.  RE: Display User's Group Hierarchy

    Posted Sat May 16, 2020 05:55 AM
    Hi Linnea,

    Interpreting "owning group" as the value of OWNER, you could do something like this:

    n
    s c=user s=base
    x mask='irr*' /* omit irr* certificate anchors */
    sortlist key(8 "USERID") key:owner("DEPT"),
    key:owner:supgroup("DIV") key:owner:supgroup:supgroup("ZONE")

    (If by "owning group" you meant a more complex relationship, something else will be needed.)

    On a related note, when designing reports by department and such, some of the hints documented with the BUNDLE command in the CARLa Command Reference can be helpful.

    Regards,

    --Jeroen

    ------------------------------
    Jeroen Tiggelman
    Software Development and Level 3 Support Manager IBM Security zSecure Suite
    IBM
    Delft
    ------------------------------



  • 3.  RE: Display User's Group Hierarchy

    IBM Champion
    Posted Thu May 21, 2020 11:40 AM
    Edited by Rob van Hoboken Sat May 23, 2020 11:25 AM
    If your user ids are in a specific part of the group tree, you can also experiment with the group tree report in RA.3.8, from an UNLOAD.  Click on "include users/subgroups" for best effect.

    ------------------------------
    Rob van Hoboken
    ------------------------------