IBM Security Z Security

 View Only

  • 1.  Carla for displaying the group members connected

    Posted Wed July 10, 2024 04:33 PM
    Reply

    I am inquiring about the exact CARLA to run this report. I tried this Carla below and getting a syntax error.

     newlist type=racf_access title="Groups and their members"
     select class=group group=(noncncl)                       
     summary profile(8,"Group") count * id("User id")         

    CKR0425 12 Field "GROUP" to be processed not valid for NEWLIST TYPE=RACF_ACCESS 
    CKR0000 12 CKRCARLA terminated due to input errors                              



    ------------------------------
    Floyd Womble
    Senior Identity and Access Management Engineer | Enterprise Information Protection (EIP) | Access Management - Mainframe

    Humana
    T 951.813.1822
    fwomble@humana.com
    ------------------------------


  • 2.  RE: Carla for displaying the group members connected

    Posted Thu July 11, 2024 02:14 AM
    Reply

    Hi Floyd, 

    I cannot quite follow what you would like to be reported with your CARLa program. What's your goal? 

    The syntax error explains that for newlist type RACF_ACCESS, the variable GROUP that you use in your select statement does not exist. You cannot filter on a field that a newlist type does not support!

    Can you elaborate what you want to achieve with your CARLa program?



    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    ------------------------------

    Original Message


  • 3.  RE: Carla for displaying the group members connected

    Posted Thu July 11, 2024 02:50 AM
    Reply

    Floyd needs to create a report of user IDs connected to a group NONCNCL.  He uses RACF_ACCESS, probably because it is easier to select/exclude user IDs from the report?

    In RACF_ACCESS the profile key is PROFILE, and when you select with CLASS=GROUP, the profile key contains the group name.  So the query should be

    newlist type=racf_access title="Groups and their members"
     select class=group profile=noncncl                      
     summary profile(8,"Group") count * id("User id")  

    You probably also want to suppress the count value (of user IDs in the group) and add the name of the users, like so:

    newlist type=racf_access title="Groups and their members"
     select class=group profile=noncnc)                       
     summary profile(8,"Group") count(nd) * id("User id")  id:name

    Others may use the more basic RACF newlist, with a longer range of connect attributes shown, like so

    newlist type=racf title="Groups and their members"
     select class=group profile=noncncl                      
     sortlist profile(8,"Group") connects



    ------------------------------
    Rob van Hoboken
    ------------------------------

    Original Message