Hello Rob and Jeroen,
Yes, that did it. I confused the two options for 'Profile fields' and 'Access list'. I got it, great toolbox you guys have created, the option to generate the background jclscript with carla coding and the ability to 'tweak' or 'modify' is so powerful. Many thanks.
Best regards,
Original Message:
Sent: 4/10/2024 2:27:00 AM
From: Rob van Hoboken
Subject: RE: Using zSECURE Foreground Generated zCARLA Coding
Hi Lynn
If you wanted to select only DATASET profiles with a UACC value of READ, you should have taken this option from the RA.D panel:
Additional selection criteria
/ Profile fields
It gives you a choice field for the value of UACC or ID(*):
UACC or ID(*)
__ _ 1. None
2. Execute
3. Read
4. Update
5. Control
6. Alter
7. Ignore UACC
With the 2(!) input fields you can write = 3 to select any profile with UACC=READ or ID(*) with READ, alternatively you could select > 3 that finds you any profile with effectively UACC>READ.
https://www.ibm.com/docs/en/szs/3.1.0?topic=profiles-additional-selection-profile-fields
The ACL(ACCESS=READ) selection finds you profiles where any of the PERMITs has access of read, ACL is short for access control list, i.e., the PERMITs.
------------------------------
Rob van Hoboken
------------------------------
Original Message:
Sent: Tue April 09, 2024 08:56 PM
From: Lynn Gilson
Subject: Using zSECURE Foreground Generated zCARLA Coding
Hello IBM zSecure Exchange!
I have use the zSECURE foreground report panels RA.D to generate a simple report for some DATASET Class profiles. The resulting zCARLA code that was generated for my background submission looks like this:
n n=based1 segment=base required allowrestrict,
,
tt="zSecure Admin+Audit for RACF DATASET Overview",
st="like DSND2L0.D2L*.** with access=READ"
def acl_alter(aclid,sort(id)) subselect acl(access=alter access=READ)
def acl_oper(aclid,sort(id)) subselect acl(access=alter-o access=READ)
def acl_control(aclid,sort(id)) subselect acl(access=control access=READ)
def acl_update(aclid,sort(id)) subselect acl(access=update access=READ)
def acl_read(aclid,sort(id)) subselect acl(access=read access=READ)
def acl_execute(aclid,sort(id)) subselect acl(access=execute access=READ)
def acl_none(aclid,sort(id)) subselect acl(access=none access=READ)
def acl subselect acl( access=READ)
s s=base c=dataset MASK=DSND2L0.D2L*.** (audits=(NONE) AND auditf=(READ)) and acl( access=READ)
sortlist " - complex"(tt,page) complex(tt,page) stamp(tt),
,
searchkey(nd) key(44,wrap) proftype(1) | warning(1,hb) | erase(1,hb),
uacc owner qual auditlvl retpd defdate(7,"Created") notify(7) level auditpriority,
instdata(0,wrap),
/ " *"(ne) | idstar,
/ , " Concern: "(notempty) auditconcern(63,wordwrap),
/ " Volser: "(notempty) volser(0,hor,ww)
\/
/*
With the selection criteria specification "s s=base c=dataset MASK=DSND2L0.D2L*.** (audits=(NONE) AND auditf=(READ)) and acl( access=READ)" why would the CKREPORT report generate as following:
zSecure Admin+Audit for RACF DATASET Overview - complex QUINCY 9Apr2024 02:35 page 1
like DSND2L0.D2L*.** with access=READ
Profile key TWE UACC Owner QUAL S/F RETPD Created Notify Lv Pri InstData
DSND2L0.D2L2.** G NONE DSND2L0 DSND2L0 R 12Mar01 0
DSND2L0.D2L3.** G READ DSND2L0 DSND2L0 R 4Nov22 0
I'm not understanding why the first entry pulled a UACC(NONE) in the list.
Thanks for your help! :-)
------------------------------
Lynn Gilson
Lynn
------------------------------