Hi Mory,
In the recent thread about STANDARD I explained how the lookup on TEST works for checking against the allowlist member.
Similarly, you could create a member (or data set) with a select list and do a SELECT using a lookup.
For example, instead of
deftype type=POPULATE_STIG_CICBAUDT nowarn col1com='*'
alloc type=POPULATE_STIG_CICBAUDT dd=CKA@CUST(CICBAUDT)
define type=POPULATE_STIG_CICBAUDT id as substr(record,1,8)
you could have
deftype type=$mytype
alloc type=$mytype dd=my_ddname(my_member)
define type=$mytype name as substr(record,1,20)
to provide a layout for a file that would contain up to 20 character NAME values.
Then you could code something like:
newlist type=racf nopage dd=ckr2pass
select class=user segment=base name:$mytype.name.name<>' '
sortlist 'remove user=' key(0)
to generate REMOVE USER commands for the user ids that match those names and put them into an output file that could be used as input for another zSecure run.
Regards,
------------------------------
Jeroen Tiggelman
IBM - Software Development Manager IBM Security zSecure Suite
Delft
------------------------------
Original Message:
Sent: Wed January 24, 2024 02:36 PM
From: Mory Bindler
Subject: Using zSecure to find multiple names in the RACF database
Hello All,
Here comes another question from a relatively new zSecure user. I have a request to see if any of the employees in a company who were terminated in 4Q 2023 have an existing RACF ID and if so, to delete that ID. There are 78 employees in the list to be checked. The only information I have is their first and last names. I know how to search for a user by entering their name in the NAME field in the U option but wanted to know if there was a way to search for all 78 names in a faster way, such as via batch job. If I can set up all 78 names in an input string and do it in a non-manual way that would be helpful to me. Thank you in advance for your help.
------------------------------
Mory Bindler
------------------------------