That is helpful, thanks.
Original Message:
Sent: Mon May 13, 2024 02:25 AM
From: Tom Zeehandelaar
Subject: CARLa getting group information from class=facility requires two passes?
Hi David,
I am not really sure why you use a DEFINE statement for this report. Also, you code MASK= whereas your filter does not contain a mask, so coding KEY= would make more sense. For what it is worth, the following code should produce the same results:
newlist nopage
select s=base class=facility key=IRR.PASSWORD.RESET
sortlist acl(8,resolve,sort) acl:name acl:dfltgrp
Hope you find this helpful
------------------------------
Tom Zeehandelaar
z/OS Security Enablement Specialist - zSecure developer
IBM
Original Message:
Sent: Wed May 08, 2024 01:56 PM
From: David Low
Subject: CARLa getting group information from class=facility requires two passes?
This got me what I needed, Thanks!
newlist nopage
select s=base class=facility mask=IRR.PASSWORD.RESET
define rscusr(8,resolve,sort) subselect acl(user=*)
sortlist rscusr rscusr:name rscusr:dfltgrp
------------------------------
David Low
Original Message:
Sent: Wed May 08, 2024 11:38 AM
From: Hans Schoone
Subject: CARLa getting group information from class=facility requires two passes?
I suggest you look at the ACL formats like ACL(RESOLVE) or ACL(RESOLVE,UNIVERSAL) and ACL(EFFECTIVE).
See https://www.ibm.com/docs/en/szs/3.1.0?topic=introduction-access-list-display-modes-reference-material
------------------------------
Hans Schoone
Chief Architect zSecure
IBM - zSecure architect
Delft
Original Message:
Sent: Wed May 08, 2024 11:34 AM
From: David Low
Subject: CARLa getting group information from class=facility requires two passes?
Hello, I'd like to find the most efficient way to get group information from a class=facility profile, hoping someone will school me on this. In my example below I'm listing out groups in a particular class=facility profile:
newlist nopage
select s=base class=facility mask=IRR.PASSWORD.RESET
sortlist acl(aclid)
This will only get me the group ids but I'd like to get a list of all the users from the listed groups. I don't think I can get that information in one pass. So my thinking is I'll need to generate CARLa select statements like below and run it in the next pass:
newlist nopage
select class=group segment=base mask=group_1
select class=group segment=base mask=group_2
select class=group segment=base mask=group_nn
define grpusr(8) subselect connects(user=*)
sortlist grpusr(sort) grpusr:name grpusr:dfltgrp
Is there a better way to accomplish this?
------------------------------
David Low
------------------------------