IBM Security Z Security

  • 1.  Using zSecure to find multiple names in the RACF database

    Posted Wed January 24, 2024 02:37 PM

    Hello All, 

    Here comes another question from a relatively new zSecure user. I have a request to see if any of the employees in a company who were terminated in 4Q 2023 have an existing RACF ID and if so, to delete that ID. There are 78 employees in the list to be checked. The only information I have is their first and last names. I know how to search for a user by entering their name in the NAME field in the U option but wanted to know if there was a way to search for all 78 names in a faster way, such as via batch job. If I can set up all 78 names in an input string and do it in a non-manual way that would be helpful to me. Thank you in advance for your help. 



    ------------------------------
    Mory Bindler
    ------------------------------


  • 2.  RE: Using zSecure to find multiple names in the RACF database

    Posted Thu January 25, 2024 04:58 AM
    Hi Mory,

    If you select a user ID by name as you describe, but use Print format and do a background run, you can see and extend the CARLa commands in the generated JCL.

    In the generated JCL you'll find

    s s=base c=user  PGMRNAME=:'searchname'

    If you change the selection of the single name to a list, the report will contain all matched user IDs.

    PGMRNAME=:('name1','name2', ...),





  • 3.  RE: Using zSecure to find multiple names in the RACF database

    IBM Champion
    Posted Thu January 25, 2024 05:58 AM
    Edited by Rob van Hoboken Thu January 25, 2024 05:59 AM

    You could split the name selection across multiple lines like so

    s class=user PGMRNAME=:(,
    'name1',
    'name2',
    ),

    ------------------------------
    Rob van Hoboken
    ------------------------------



  • 4.  RE: Using zSecure to find multiple names in the RACF database

    Posted Thu January 25, 2024 08:10 AM
    Edited by Jeroen Tiggelman Thu January 25, 2024 08:11 AM

    Hi Mory,

    In the recent thread about STANDARD I explained how the lookup on TEST works for checking against the allowlist member.
    Similarly, you could create a member (or data set) with a select list and do a SELECT using a lookup.

    For example, instead of 

    deftype type=POPULATE_STIG_CICBAUDT nowarn col1com='*'          
    alloc   type=POPULATE_STIG_CICBAUDT dd=CKA@CUST(CICBAUDT)       
    define  type=POPULATE_STIG_CICBAUDT id as substr(record,1,8)    

    you could have

    deftype type=$mytype
    alloc   type=$mytype dd=my_ddname(my_member)       
    define  type=$mytype name as substr(record,1,20)    

    to provide a layout for a file that would contain up to 20 character NAME values.

    Then you could code something like:

    newlist type=racf nopage dd=ckr2pass
    select class=user segment=base name:$mytype.name.name<>' '      
    sortlist 'remove user=' key(0)                                  

    to generate REMOVE USER commands for the user ids that match those names and put them into an output file that could be used as input for another zSecure run.

    Regards,



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM Security zSecure Suite
    Delft
    ------------------------------
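
As an added example (not part of any post above and not IBM code): a Python script that turns a list of names into the fixed-width lookup member described in post 4 and the multi-line select list from post 3. The 80-byte record length, the sample names, and the rule of setting aside names that are longer than 20 characters or contain a quote or non-ASCII character are assumptions.

```python
NAME_WIDTH = 20  # matches substr(record,1,20) in the layout from post 4
LRECL = 80       # assumption: lookup member holds fixed 80-byte records

# Constructed sample input, not real people.
SAMPLE = ["Jane Doe", "  John   Smith ", "Jane Doe", "Pat O'Neil",
          "Maximilian Featherstonehaugh", ""]

def clean_names(raw_names):
    """Split input into usable names and (name, reason) pairs for manual review."""
    usable, review, seen = [], [], set()
    for raw in raw_names:
        name = " ".join(raw.split())  # trim and collapse repeated blanks
        if not name or name in seen:
            continue                  # skip empty lines and duplicates
        seen.add(name)
        if len(name) > NAME_WIDTH:
            review.append((name, "longer than 20 characters"))
        elif "'" in name or not name.isascii():
            review.append((name, "quote or non-ASCII character"))
        else:
            usable.append(name)
    return usable, review

def lookup_records(names):
    """One record per name: name in columns 1-20, blank-padded to LRECL."""
    return [n.ljust(NAME_WIDTH).ljust(LRECL) for n in names]

def select_statement(names):
    """Multi-line select list, reproduced in the form posted in post 3."""
    return ["s class=user PGMRNAME=:(,"] + [f"'{n}'," for n in names] + ["),"]

if __name__ == "__main__":
    usable, review = clean_names(SAMPLE)
    print("\n".join(lookup_records(usable)))
    print("\n".join(select_statement(usable)))
    for name, reason in review:
        print(f"REVIEW BY HAND: {name!r} ({reason})")
```

Names set aside for review are written to neither output, so they still need a manual lookup.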