List of Contributions

Adam Klinger

Contact Details

My Content

1 to 20 of 43 total
Posted By Adam Klinger Oct 13, 2020 7:58 AM
Found In Egroup: IBM Security Z Security
\ view thread
Sure Rob, one use-case which came up was mass deleting expired certificates, such as using RA.5.1 to filter on certificates which expired past a certain date, then using the "Forall" command to generate Deletes. Block "DD" support would work just as well for this one really. I can see using this technique ...
Posted By Adam Klinger Oct 9, 2020 11:08 AM
Found In Egroup: IBM Security Z Security
\ view thread
Thanks Jeroen, figured that was the case. I will think about if an RFE is warranted and how to word that. For now, some stand-alone CARLa did the trick to build commands based on similar panel-driven criteria. ------------------------------ Adam Klinger ------------------------------
Posted By Adam Klinger Oct 9, 2020 9:41 AM
Found In Egroup: IBM Security Z Security
\ view thread
Greetings, I'm trying to see if the "FORALL" zSecure Command can be used to generate RACDCERT DELETE commands based on the results of a query in RA.5.1 (RACF --> RACDCERT --> Certificates) and the "Digital certificate labels" field as it's needed for the commands. When trying to use !KEY, this ...
Posted By Adam Klinger Sep 28, 2020 11:47 AM
Found In Egroup: IBM Security Z Security
\ view thread
Greetings, The "ACL" field in newlist type=RACF has these 4 Output fields: User Access ACL id When. I'm looking to extract these into individual fields. What's the best way to go about this? I've been able to do something like below to get two of the fields (aclid and aclaccess); define sub_acl subselect ...
Posted By Adam Klinger Sep 11, 2020 8:03 AM
Found In Egroup: IBM Security Z Security
\ view thread
Thanks Guus, you confirmed my thinking in that Command Verifier wouldn't be involved in the EXTRACT function of IRRXUTIL ------------------------------ Adam Klinger ------------------------------
Posted By Adam Klinger Sep 10, 2020 8:46 AM
Found In Egroup: IBM Security Z Security
\ view thread
Greetings, We are looking to see if Command Verifier profiles such as C4R.LISTUSER.=AUDITOR can be used for r_admin extract function authorization, such as issuing: myrc=IRRXUTIL("EXTRACT","USER","BOBSID","USR") Instead of needing a RACF attribute such as ROAUDIT / AUDITOR / SPECIAL, Group AUDITOR ...
Posted By Adam Klinger Aug 3, 2020 8:00 AM
Found In Egroup: IBM Security Z Security
\ view thread
Thanks -- exactly what I'm looking for! ------------------------------ Adam Klinger ------------------------------
Posted By Adam Klinger Jul 31, 2020 3:54 PM
Found In Egroup: IBM Security Z Security
\ view thread
Does CARLa have a function that will display a specific literal when a field is blank, but the contents of the field if it is not blank? Best I've come up with is defining a field for the "missing" condition, then doing a concatenation on the output with that field + the checking field, something ...
Posted By Adam Klinger Jul 21, 2020 2:58 PM
Found In Egroup: IBM Security Z Security
\ view thread
Greetings -- is there anything in Command Verifier which could assist us with the below? We see commands executed with for example Class OPERCMDS Profile MVS.VARY*.** but in instances where we see a profile ending in "*.**" would like to change it to "*" so for example the above would be OPERCMDS MVS.VARY* ...
Posted By Adam Klinger Jul 9, 2020 9:29 AM
Found In Egroup: IBM Security Z Security
\ view thread
Thanks for the clarity. Trying this some more I believe I can use 2-pass CARLa to parse correctly based on the offsets being different for each record, but am having some trouble I believe based on the order of the records. Is there any way I can ensure each pass is processing them the same way? Here's ...
Posted By Adam Klinger Jul 2, 2020 3:47 PM
Found In Egroup: IBM Security Z Security
\ view thread
I'm working with some custom SMF records and attempting to use CARLa to parse through it. I'm able to get most of the way there but having some trouble with using functions to handle the Triplets. These fields are roughly defined like such: Field Length Type Detail Input ...
Posted By Adam Klinger Jun 17, 2020 7:56 AM
Found In Egroup: IBM Security Z Security
\ view thread
Yes, avoiding recursive loops makes perfect sense :) So in this instance is there any way to make it execute in effectively just one command? Not a big deal as I'm able to get the functionality I want, just would end up being many more RACF commands executed in total ------------------------------ Adam ...
Posted By Adam Klinger Jun 16, 2020 8:36 AM
Found In Egroup: IBM Security Z Security
\ view thread
I noticed in doing some testing for example if I set up these profiles: C4R.ALTUSER.=PRECMD.RESUME APPLDATA('ALTUSER &PROFILE(1) WHEN(DAY(ANYDAY) TIME(ANYTIME)) NOREVOKE RESUME') C4R.ALTUSER.=REPLACE.RESUME With ADAM in the access list for both profiles and issue an ALTUSER BOB RESUME, this will ...
Posted By Adam Klinger Jun 12, 2020 7:43 AM
Found In Egroup: IBM Security Z Security
\ view thread
Appreciate the thorough explanation! Confirmed my understanding ------------------------------ Adam Klinger ------------------------------
Posted By Adam Klinger Jun 12, 2020 7:42 AM
Found In Egroup: IBM Security Z Security
\ view thread
Thank you! This is what I figured based on the manual, but wanted to verify based on the USRDATA point ------------------------------ Adam Klinger ------------------------------
Posted By Adam Klinger Jun 11, 2020 1:59 PM
Found In Egroup: IBM Security Z Security
\ view thread
So I've taken a look at the following links: https://www.ibm.com/support/pages/explanation-how-rrsf-propagates-ckracf-command https://www.ibm.com/support/pages/rrsfdata-profiles-needed-userdata-update-propagation-ckgracf-commands The follow-up question I have is how does this come into play with the ...
Posted By Adam Klinger Jun 3, 2020 8:52 AM
Found In Egroup: IBM Security Z Security
\ view thread
Yes, I did take a look at that which is why I got as far as I did! My question is more directly related to the "Apply data reduction to historical data" section which specifies "If you wish to apply data reduction to old consolidated files, you have to read those with a consolidation job like so:" with ...
Posted By Adam Klinger Jun 3, 2020 7:55 AM
Found In Egroup: IBM Security Z Security
\ view thread
Greetings, I've been using a customized C2PAMMAP on the daily access monitor files with good results. I'm looking to expand this to the monthly consolidation process with the though of having C2PAMMAP execute on the "rolling 12 month" dataset when populated instead of having to run C2PAMMAP manually ...
Posted By Adam Klinger May 14, 2020 2:55 PM
Found In Egroup: IBM Security Z Security
\ view thread
Thanks! I see how this helps since "connects" isn't a repeat field. ------------------------------ Adam Klinger ------------------------------
Posted By Adam Klinger May 14, 2020 11:39 AM
Found In Egroup: IBM Security Z Security
\ view thread
Hello, I'm trying to use CARLa like such: NEWLIST TYPE=RACF PL=0 RETAIN SELECT CLASS=USER SEGMENT=CSDATA KEY=MYID sortlist key(8,'UserID') :CGGRPNM("Connect Group") $CSDKEY("Key Val")​ This provides me results like such: UserID Connect Key Val MYID MYGROUP 00000000​ However I only am able to ...