IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Select users/groups without a segment

    Posted Tue December 19, 2023 10:22 AM

    L.s

    I think I have a simple question. It is simple to select all users or groups with a Custom data field. But how to select users or groups without that segment.

    Stan



    ------------------------------
    Stan van OERS
    ------------------------------


  • 2.  RE: Select users/groups without a segment

    Posted Tue December 19, 2023 10:40 AM

    Hi Stan,

    In RA.U you can use the Additional selection criteria, more specifically for Segment Absence:

    Additional selection criteria                                            
_  Other fields       _  Attributes       _  Segment presence  /  Absence

    Then you select CSDATA from the list.

    If you go to the RESULTS panel to look at the generated query, you should see something like this:

    000001 n segment=CSDATA n=exclsegm outlim=0                                    
000002   s c=user segment=CSDATA                                               
000003   sortlist segment                                                      
000004 n rds notproflist=exclsegm  required allowrestrict i=base segment=BASE, 
000005  n=baseud t=:t1,                                                        
000006   st='All users with no segment CSDATA',                                
000007   sumhelppanel=CKRT3SBP,                                                
000008   nodetailinherit helppanel=c2rt3utd detailhelppanel=c2rt3ude           
000009  s s=base c=user

    So essentially, you create a dummy newlist in which you select the users with a CSDATA segment, and then specify on a second newlist that you want to exclude those users from the output you generate there.

    The first newlist generates no output because of OUTLIM=0. The newlists are linked through the name of the first newlist, in this case EXCLSEGM, and the NOTPROFLIST keyword excludes on the profile (not just segment!) level from the second newlist whatever was present in the first one.

    (PROFLIST and NOTPROFLIST are specific to working with RACF profiles, and behave unlike LIKELIST in that they generalize from the segment to the profile level like this.)

    Regards,



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM Security zSecure Suite
    Delft
    ------------------------------

    Original Message


  • 3.  RE: Select users/groups without a segment

    Posted Tue December 19, 2023 10:50 AM

    Hoi Stan

    You can see an example of this process in RA.U when you build a list of users with an absent segment: see the "Segment presence   Absence" tabs in this subsection of the manual.

    In essence you have 2 newlists, linked by the PROFLIST parameter like so

    newlist type=racf NAME=CSDATAS outlim=0
      select class=user segment=csdata
      sortlist key
    newlist type=racf NOTPROFLIST=CSDATAS title="These users lack custom data" 
      select class=user segment=base
      sortlist key(8) name



    ------------------------------
    Rob van Hoboken
    ------------------------------

    Original Message


  • 4.  RE: Select users/groups without a segment

    Posted Fri December 22, 2023 08:22 AM

    Rob and Jeroen,

    Thanks for your reply. I can continue with this

    Stan



    ------------------------------
    Stan van OERS
    ------------------------------

    Original Message


Related Content