My novice code:

  DEFINE ACEID("ACEID",CHAR) AS SUBSTR(INSTDATA,172,6) WHERE CLASS=USER                                
  DEFINE ADJPAY AS PARSE(CGGRPNM,'@ADJ',' ') WHERE CLASS=USER                                          
  DEFINE DDE AS PARSE(CGGRPNM,'@DDE@',' ') WHERE CLASS=USER                                            
 NEWLIST N=BASEU1 SEGMENT=BASE REQUIRED ALLOWRESTRICT NOPAGE                                           
  SELECT S=BASE C=USER  CGGRPNM=(@ADJPAY,@DDE)                                                         
  SORTLIST KEY(8,TRUNC), ACEID(7,TRUNC), ADJPAY(2,TRUNC), DDE(2,TRUNC), CGGRPNM(SORT,HOR,WORDWRAP,60)  

Trying to get output that looks like:

 BCD6F0   BCD6F0  PA H1        #HQEMRS @ADJPAY @DDE@H1 USPS#690

Getting output  that looks like:

 BCD6F0   BCD6F0        #HQEMRS @ADJPAY @DDE@H1 USPS#690
                  PA                                    
                     H1                                 
                                                        

It looks like I get a separate line for everygroup including ones that don't match my criteria.

                                 
                                                        

------------------------------
Steve Weaver
z/OS Systems Programmer
US Postal Service
San Mateo CA
510-377-1138
------------------------------

Hi Steve

The field CGGRPNM that you've used represents the list of connect groups, so it can (and probably) will contain more than one entry.  This is referred to as a repeat field.  The SELECT command (SELECT CGGRPNM=(@ADJPAY,@DDE)) selects the entire user profile if the user is connected to either @ADJPAY or to @DDE, including the list of all connect groups.

If you wanted to prune down the list of connect groups for a selected user, you would have to use the DEFINE SUBSELECT command, like so:

newlist type=racf
  define onlyDDEgroups subselect connects(group=@dde@*)
  define onlyADJgroups subselect connects(group=@adj*)
  SELECT S=BASE C=USER  CGGRPNM=(@ADJPAY,@DDE)
  sortlist profile(8,"Userid") onlyDDEgroups(8) onlyADJgroups(8)

Unfortunately, you cannot apply PARSE or SUBSTR to the result of SUBSELECT, so you're stuck with the whole 8 character group name, or left aligned truncation.

Now, if you print the CGGRPNM field, or a defined field based on CGGRPNM (like your ADJPAY and DDE fields), the result is a stack of values.  CARLa offers a modifier to show only the first value of the repeat field: FIRSTONLY.

Also, CARLA has a SORT modifier that can be used on repeat fields, it works on the internal value of the field.  I do not remember if a defined field with PARSE stores the parse output as an internal value, or if it re-calculates this for the SELECT command and again for the SORTLIST command, but you can try.

newlist type=racf
  DEFINE ADJPAY AS PARSE(CGGRPNM,'@ADJ',' ') WHERE CLASS=USER                                          
  DEFINE DDE AS PARSE(CGGRPNM,'@DDE@',' ') WHERE CLASS=USER                                            
  SELECT S=BASE C=USER  CGGRPNM=(@ADJPAY,@DDE)
  sortlist profile(8,"Userid") adjpay(sort(descending),firstonly) dde(sort(descending),firstonly)

Sorry, you'll have to test this yourself, I no longer have access to a z/OS.

------------------------------
Rob van Hoboken
------------------------------

Original Message:
Sent: Thu January 04, 2024 03:06 PM
From: Steve Weaver
Subject: CARLA output going to multiple lines

My novice code:

  DEFINE ACEID("ACEID",CHAR) AS SUBSTR(INSTDATA,172,6) WHERE CLASS=USER                                
  DEFINE ADJPAY AS PARSE(CGGRPNM,'@ADJ',' ') WHERE CLASS=USER                                          
  DEFINE DDE AS PARSE(CGGRPNM,'@DDE@',' ') WHERE CLASS=USER                                            
 NEWLIST N=BASEU1 SEGMENT=BASE REQUIRED ALLOWRESTRICT NOPAGE                                           
  SELECT S=BASE C=USER  CGGRPNM=(@ADJPAY,@DDE)                                                         
  SORTLIST KEY(8,TRUNC), ACEID(7,TRUNC), ADJPAY(2,TRUNC), DDE(2,TRUNC), CGGRPNM(SORT,HOR,WORDWRAP,60)  

Trying to get output that looks like:

 BCD6F0   BCD6F0  PA H1        #HQEMRS @ADJPAY @DDE@H1 USPS#690

Getting output  that looks like:

 BCD6F0   BCD6F0        #HQEMRS @ADJPAY @DDE@H1 USPS#690
                  PA                                    
                     H1                                 
                                                        

It looks like I get a separate line for everygroup including ones that don't match my criteria.

                                 
                                                        

------------------------------
Steve Weaver
z/OS Systems Programmer
US Postal Service
San Mateo CA
510-377-1138
------------------------------

By the way, connect groups in RACF are primarily used for access control (and administrative ownership of profiles).  Groups were not meant for assigning attributes to users, like department or job role, unless those attributes are also associated with access to resources.

RACF has the ability to store arbitrary attributes in user, group and resource profiles through custom fields.  Jobrole, pay grade, phone number, legacy ACEID, could all be stored in such custom fields.  See RACF manual. 

zSecure can add the content of custom fields into profile (sortlist/display) reports.  If you have a custom field DDE (defined with a CFIELD profile), you can print it using an indirect reference (implicit lookup) like so

newlist type=racf
select class=user seg=base cggrpnm=*@dde@*
sortlist profile(8,"Userid") :dde

Note, you cannot use the custom field name in the SELECT command for BASE segments, you must use the CSDATA segment instead:

newlist type=racf
  select class=user seg=csdata dde=h1
  sortlist profile(8,"Userid") dde :name

Note, this prints only the CSDATA segment, so DDE is recognized as field name (without the lookup operator).  However, if you need to print the programmer name, you must use lookup.

Custom fields are a great alternative for structured installation data fields.

------------------------------
Rob van Hoboken
------------------------------

Excellent.  I adapted the second method:

NEWLIST TYPE=RACF N=BASEU1 SEGMENT=BASE REQUIRED ALLOWRESTRICT NOPAGE                                            
  DEFINE ACEID("ACEID",CHAR) AS SUBSTR(INSTDATA,172,6) WHERE CLASS=USER                                          
  DEFINE ADJPAY AS PARSE(CGGRPNM,'@ADJ',' ') WHERE CLASS=USER                                                    
  DEFINE DDE AS PARSE(CGGRPNM,'@DDE@',' ') WHERE CLASS=USER                                                      
  SELECT S=BASE C=USER  CGGRPNM=(@ADJPAY,@DDE@*)                                                                 
  SORTLIST PROFILE(8,"USERID") ACEID(7,TRUNC) ADJPAY(SORT(DESCENDING),FIRSTONLY) DDE(SORT(DESCENDING),FIRSTONLY) 

Which gave me output like:

SN0137   KCMZFW  PAY      H1

Thank you very much.

------------------------------
Steve Weaver
z/OS Systems Programmer
US Postal Service
San Mateo CA
510-377-1138
------------------------------

Original Message:
Sent: Fri January 05, 2024 05:36 AM
From: Rob van Hoboken
Subject: CARLA output going to multiple lines

By the way, connect groups in RACF are primarily used for access control (and administrative ownership of profiles).  Groups were not meant for assigning attributes to users, like department or job role, unless those attributes are also associated with access to resources.

RACF has the ability to store arbitrary attributes in user, group and resource profiles through custom fields.  Jobrole, pay grade, phone number, legacy ACEID, could all be stored in such custom fields.  See RACF manual. 

zSecure can add the content of custom fields into profile (sortlist/display) reports.  If you have a custom field DDE (defined with a CFIELD profile), you can print it using an indirect reference (implicit lookup) like so

newlist type=racf
select class=user seg=base cggrpnm=*@dde@*
sortlist profile(8,"Userid") :dde

Note, you cannot use the custom field name in the SELECT command for BASE segments, you must use the CSDATA segment instead:

newlist type=racf
  select class=user seg=csdata dde=h1
  sortlist profile(8,"Userid") dde :name

Note, this prints only the CSDATA segment, so DDE is recognized as field name (without the lookup operator).  However, if you need to print the programmer name, you must use lookup.

Custom fields are a great alternative for structured installation data fields.

------------------------------
Rob van Hoboken
------------------------------

Glad to hear that SORT(DESCENDING) and FIRSTONLY work in tandem and in the right order.  Some possible improvements:

• you really don't need the bunch of options on the NEWLIST command, most only make sense in the ISPF interface.  And you want an error message if RESTRICTED mode would blank one of the fields you rely on.
• move these 2 modifiers into the DEFINE commands, thus keeping the (often several) SORTLIST commands short and sweet.
• use the overriding length modifier to squeeze out trailing blanks in these fields.
• you probably don't need TRUNC.
• you don't need the WHERE CLASS=USER in the last 2 DEFINE commands because field name CGGRPNM only occurs in USER profiles, but it acts as sort of self-documenting redundancy.  Similarly, you don't need the SEG=BASE in the select command, because CGGRPNM is in the base segment, so the SELECT is implicitly limited to base segments.

NEWLIST TYPE=RACF N=BASEU1 NOPAGE                                            
  DEFINE ACEID("ACEID",CHAR,7) AS SUBSTR(INSTDATA,172,6) WHERE CLASS=USER                                          
  DEFINE ADJPAY(3,SORT(DESCENDING),FIRSTONLY) AS PARSE(CGGRPNM,'@ADJ',' ')
  DEFINE DDE(2,SORT(DESCENDING),FIRSTONLY) AS PARSE(CGGRPNM,'@DDE@',' ')
  SELECT S=BASE C=USER  CGGRPNM=(@ADJPAY,@DDE@*)                                                                 
  SORTLIST PROFILE(8,"USERID") ACEID ADJPAY DDE

------------------------------
Rob van Hoboken
------------------------------