IBM Security Z Security

  • 1.  List of users - then Delete

    Posted Sun September 01, 2024 02:01 PM

    Hello - I believe I need 2-pass CARLa to accomplish this. I create a report of users where last connect date is < today-120. I want to feed each userid into the REMOVE USER=xxxx command.

    I have this as part 1:

    newlist                                                            
     s s=base c=user  OWNER=ABCUSERS last_connect_date<TODAY-120       
     x class=user key=(myid)                                           
     sortlist key(8,"User") name  dfltgrp owner last_connect_date(11)

    But how do I get each user USER=xxxxx so I can produce a delete report for each user:

    SUPPRESS  MANAGERACFVARS DELETEDATASETS      
    REMOVE USER=xxxxxx   

    thanks !!!                         



    ------------------------------
    Joseph Sumi
    ------------------------------


  • 2.  RE: List of users - then Delete

    Posted Mon September 02, 2024 02:19 AM

    Joseph,

    The following should do what you want:

    newlist type=racf name=racfsel outlim=1 nopage dd=ckr2pass ll=32752                                                            
     select segment=base class=user  OWNER=ABCUSERS last_connect_date<TODAY-120       
     exclude class=user key=(myid)
     list "SUPPRESS  MANAGERACFVARS DELETEDATASETS"
    
    newlist type=racf name=userlist nopage dd=ckr2pass ll=32752
     select likelist=racfsel
     sortlist "REMOVE USER=" key(0)


    ------------------------------
    Ronald van der Laan
    ------------------------------



  • 3.  RE: List of users - then Delete

    Posted Mon September 02, 2024 12:34 PM

    Hello - thanks, the CARLa produces:

    REMOVE USER= ABCD 
    REMOVE USER= EFGH 

    ...

    But I need to go one step further and also execute the REMOVEs that are in the CKR2PASS DD to produce the command report for the user deletes.

    Thanks.



    ------------------------------
    Joseph Sumi
    ------------------------------



  • 4.  RE: List of users - then Delete

    Posted Tue September 03, 2024 01:59 AM

    Hi Joseph,

    Sorry, I forgot to add a vertical bar to eliminate the space between the equal sign and userid:

    sortlist "REMOVE USER=" | key(0)

    If you want to delete these users automatically, then feed the CKRCMD output from the 2nd pass to CKX.

    For instance:

    //DELETE   EXEC PGM=CKX,PARM='DD=CKRCMD'
    //CKXT@PRT DD SYSOUT=*
    //CKRCMD   DD ....


    ------------------------------
    Ronald van der Laan
    ------------------------------



  • 5.  RE: List of users - then Delete

    Posted Tue September 03, 2024 04:20 AM
    Edited by Rob van Hoboken Tue September 03, 2024 04:22 AM

    Hi Joe

    If you run the CARLa script in ISPF, it generates a list of REMOVE commands in the CKR2PASS file.  You issue the RUN command in the command line, or enter an R line command in front of CKR2PASS in the Results selection list, to execute the REMOVE commands.  This results in a CKRCMD file, and again you issue RUN command or the R line command.

    If you run in batch, you need 3 JCL steps like so:

    // EXEC C2RC
    //CKR2PASS DD DISP=(,PASS),DSN=&REMOVES,SPACE=(TRK,(10,10))
    //SYSIN DD *
    newlist type=racf name=racfsel outlim=1 nopage dd=ckr2pass
     select segment=base class=user  OWNER=ABCUSERS last_connect_date<TODAY-120       
     exclude class=user key=myid
     sortlist "SUPPRESS  MANAGERACFVARS DELETEDATASETS"
    
    newlist type=racf name=userlist nopage dd=ckr2pass
     select likelist=racfsel
     sortlist "REMOVE USER=" | key(0)
    
    // EXEC C2RC
    //REMOVES DD DISP=(OLD,PASS),DSN=&REMOVES
    //CKRCMD  DD DISP=(,PASS),DSN=&RACFCMDS,SPACE=(TRK,(10,10))
    //SYSIN DD *
      /* you could enter ALLOC commands for a RACF input source and a CKFREEZE before the include command */
    include dd=removes
    
    //DELETE   EXEC PGM=CKX,PARM='DD=CKRCMD'
    //CKXT@PRT DD SYSOUT=*
    //CKRCMD   DD DISP=(OLD,PASS),DSN=&RACFCMDS

    Add STEPLIB and JCLLIBs as needed.

    Note: you probably want to test this out VERY CAREFULLY because the last step may delete more than you anticipated.

    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 6.  RE: List of users - then Delete

    Posted Mon September 16, 2024 08:13 PM

    Hello, thank you !! this worked great..... I skipped the last part, DELETE but thanks for showing me how to do that as well.

    I allocated a dataset in the CKRCMD DD from the 2nd 'EXEC C2RC' to produce the commands for manual review before executing. This is exactly what I was looking for. Thanks !



    ------------------------------
    Joseph Sumi
    ------------------------------
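
The review-before-execute step described in the thread can be partly automated. The following is an added example, not code from any of the posters or from zSecure: a Python check over the first-pass output (the `SUPPRESS` line plus `REMOVE USER=` lines) that flags malformed lines, protected IDs, duplicates and an unexpectedly large batch. The protected list, the limit and the sample lines are assumptions made for illustration.

```python
import re

# RACF user IDs: 1-8 characters from A-Z, 0-9, #, $, @.
REMOVE_RE = re.compile(r"^REMOVE USER=([A-Z0-9#$@]{1,8})$")
SUPPRESS_RE = re.compile(r"^SUPPRESS\s+MANAGERACFVARS\s+DELETEDATASETS$")

# Assumptions for this example: IDs that must never be removed, and a ceiling
# on how many removals one run may contain before someone has to sign off.
PROTECTED = {"IBMUSER", "MYID"}
MAX_REMOVALS = 50

def review(lines, protected=PROTECTED, max_removals=MAX_REMOVALS):
    """Return (userids, problems) for the generated command lines."""
    userids, problems, seen = [], [], set()
    for n, raw in enumerate(lines, 1):
        line = raw.strip()  # fixed-length records carry trailing blanks
        if not line or SUPPRESS_RE.match(line):
            continue
        m = REMOVE_RE.match(line)
        if not m:
            # Anything other than the exact form the thread settled on,
            # including the "USER= ABCD" variant with a stray blank.
            problems.append(f"line {n}: unexpected statement {line!r}")
            continue
        uid = m.group(1)
        if uid in protected:
            problems.append(f"line {n}: {uid} is on the protected list")
        elif uid in seen:
            problems.append(f"line {n}: {uid} listed more than once")
        else:
            seen.add(uid)
            userids.append(uid)
    if len(userids) > max_removals:
        problems.append(f"{len(userids)} removals exceeds limit of {max_removals}")
    return userids, problems

# Constructed sample of first-pass output, not taken from a real system.
SAMPLE = """\
SUPPRESS  MANAGERACFVARS DELETEDATASETS
REMOVE USER=ABCD
REMOVE USER= EFGH
REMOVE USER=IBMUSER
REMOVE USER=ABCD
REMOVE USER=WXYZ
"""

if __name__ == "__main__":
    ok, bad = review(SAMPLE.splitlines())
    print("would remove:", ok, *bad, sep="\n")
```

An empty problem list is a reasonable precondition for letting the second `C2RC` step and the `CKX` step run; any entry means the command file goes back for manual review.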