IBM Security Z Security

Security for Z

  • 1.  Duplicate NEWLIST NAME= Bypass/Workaround?

    Posted 4 days ago

    Hi Everyone,

    Have a need to generate commands to backup/recreate multiple USERIDs in a single JCL STEP.  Built the CARLA based on what zSecure produces via RA.4.6 with most of the options enabled (relying heavily on the same IMBEDs used by the panels).  Works fine for a single ID.

    Was hoping to create a separate series of NEWLISTs for each ID that requires a backup, mostly so the output file is neatly organized (realize I could just include multiple USERIDs in each SELECT).

    Problem is that I get a CKR0391 when the CARLA for the second USERID in the list begins to run.  Should have seen that coming.  Know I'd need to keep the NAME= values that are expected by the various IMBED statements I'm pulling in from the .SCKRCARL library for them to function.

    Is there a workaround for this situation that I'm missing?  Multiple JCL steps aren't an option.  I'll re-code with multiple values per SELECT if needed, it's just not ideal.



    ------------------------------
    Steven Hoover
    ------------------------------


  • 2.  RE: Duplicate NEWLIST NAME= Bypass/Workaround?

    Posted yesterday

    Hi Steven,

    No, unfortunately, there is no workaround for using duplicate NEWLIST names in your CARLa job. The following options exist for your challenge:

    • You can assign different names to the NEWLISTs for each user ID that you wish to recreate in the same job, but then you will also have to adjust all LIKELIST statements that refer to these NEWLISTs. I do not think that this is a solution that you are looking for as this is more work than re-coding the SELECT statements.
    • Use multiple values per SELECT statement as you already suggested. By the way, this is also the way the zSecure user interface works when you use a combination of the line-commands "R" (for Recreate) and "RR" (block recreate) on a list of selected user IDs with option RA.U to indicate which user IDs you want to recreate.

    Hope this helps. Regards, Tom Zeehandelaar



    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    ------------------------------



  • 3.  RE: Duplicate NEWLIST NAME= Bypass/Workaround?

    Posted yesterday

    Hi Steven

    The RECREATE scripts are designed with a variable selection newlist, and several fixed members that generate RACF commands.  The fixed members all reference the name of the selection newlist, like so:

    newlist name=idsel
      select class=user mask=IBMUSER
    newlist name=baseseg
      select segment=base likelist=idsel
      sortlist 'ADDUSER' profile ...
    newlist name=tsoseg proflist=idsel
      select segment=tso
      sortlist 'ALTUSER' profile 'TSO('

    CARLa does not allow for redefining (previously defined) newlist names, so a concept like this does not work:

    newlist name=idsel
      select class=user mask=IBMUSER
    newlist name=baseseg
      select segment=base likelist=idsel
      sortlist 'ADDUSER' profile
    ......
    newlist name=idsel
      select class=user mask=STCUSER
    newlist name=baseseg
      select segment=base likelist=idsel
      sortlist 'ADDUSER' profile ...

    As you pointed out, the RECREATE members support the generation of commands for multiple profiles, so the following type of selection newlist should do the trick:

    newlist name=idsel
      select class=user mask=SYS*

    or

    newlist name=idsel
      select class=user profile=(IBMUSER,STCUSER)

    If you select the panel option "Optimized for post-processing" and allocate a CKRCMD data set with a LARGE value for LRECL, you should get a list that can be split up quite easily by a post-processing Rexx as you wanted, one member per ID.



    ------------------------------
    Rob van Hoboken
    ------------------------------
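
The post-processing split suggested in the last reply, sketched as an added example that is not part of any poster's code and is written in Python rather than the Rexx mentioned there. It assumes the CKRCMD data set holds one complete RACF command per record with no continuation lines; the sample records are constructed, and `owner_of` and `split_by_user` are hypothetical names.

```python
import re

# Standard RACF verbs (and abbreviations) whose first operand is the user ID.
USER_FIRST = {"ADDUSER", "AU", "ALTUSER", "ALU", "CONNECT", "CO"}
# PERMIT names the user inside an ID(...) operand; \b keeps UID( and GID( out.
ID_OPERAND = re.compile(r"\bID\(([^)]*)\)", re.IGNORECASE)

def owner_of(command, wanted):
    """Return the user ID in `wanted` that this command belongs to, or None."""
    words = command.split()
    if not words:
        return None
    if words[0].upper() in USER_FIRST and len(words) > 1:
        candidates = [words[1].strip("()")]
    else:
        match = ID_OPERAND.search(command)
        candidates = re.split(r"[\s,]+", match.group(1).strip()) if match else []
    for name in candidates:
        if name.upper() in wanted:
            return name.upper()
    return None

def split_by_user(records, user_ids):
    """Group commands per user ID, keeping the generated order within each group."""
    wanted = {u.upper() for u in user_ids}
    members = {u.upper(): [] for u in user_ids}  # a user ID fits an 8-char member name
    leftovers = []                               # commands tied to no selected user
    for record in records:
        command = record.strip()
        if not command:
            continue
        owner = owner_of(command, wanted)
        (members[owner] if owner else leftovers).append(command)
    return members, leftovers

# Constructed sample records (assumption: one full command per record).
SAMPLE = """\
ADDUSER IBMUSER NAME('SAMPLE USER') DFLTGRP(SYS1) OWNER(SYS1)
ADDUSER STCUSER NAME('SAMPLE STC') DFLTGRP(STCGRP) OWNER(STCGRP)
ALTUSER IBMUSER TSO(ACCTNUM(ACCT#) PROC(IKJACCNT))
CONNECT STCUSER GROUP(SYS1) AUTHORITY(USE)
PERMIT 'SYS1.PARMLIB' ID(IBMUSER) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH
"""

if __name__ == "__main__":
    members, leftovers = split_by_user(SAMPLE.splitlines(), ["IBMUSER", "STCUSER"])
    for user, commands in members.items():
        print(f"--- member {user} ---")
        print("\n".join(commands))
```

Records that name none of the selected IDs land in `leftovers`, so a recreate run can be checked for commands that would otherwise be dropped from every member.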