All, Thanks to all, there is one thing that forced us as a vendor to use external resources outside our STC it is the 4096 line limitation to IRRSEQ00. I hope IBM will resolve this. We have one customer with 350,000 RACF userids, if u do a SEARCH CLASS(USER) a failure will occur.
Hopefully, I can take some time to write the new RACROUTE calls and give these ideas a whirl. Sent from my iPad Scott Ford Senior Systems Engineer www.identityforge.com On Jan 23, 2012, at 1:59 PM, Walt Farrell <[email protected]> wrote: > On Mon, 23 Jan 2012 11:25:30 -0500, Scott Ford <[email protected]> wrote: > >> Sorry guys my fault, I should have explained. My LE COBOL program is APF >> authorized. >> I want to be able to all call IKJEFT01 to invoke authorized functions. These >> calls are RACF or one of the other security subsystems. I know certain >> authorized calls I cannot make , now I am submitting a batch IKJEFT01 job >> stream to the Intrdr and I want to internalize this process to the >> COBOL STC. Another solution is where can I find an example of an equivalent >> of >> RACF SEARCH CLASS(FACILITY) or DATASET ? >> > > John McKown has provided a couple of alternatives (IRRSEQ00 callable service, > see RACF Callable Services) or REXX. > > Another would be (for simple SEARCH commands) to use either RACROUTE > REQUEST=EXTRACT,TYPE=EXTRACTN. I'd have a preference for either the RACROUTE > or callable service, because the command processor output is officially not a > programming interface. But it's pretty simple output in this case., > > And the best form of the IRRSEQ00 callable service, using one of the > ADMN_XTR_* functions won't work for the DATASET class. And I have no idea > whether or to what extent the other security products support IRRSEQ00. > > Of course, you're getting into an area where each of the security products > will be returning very different data, so you might as well have 3 different > programs using 3 different mechanisms of extracting data anyway. > > -- > Walt Farrell > IBM STSM, z/OS Security Design > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
