Ituriel,
Very clever. However, I recommend using the 0203 record for group connections
instead of the 0102 record. If the user is connected to a UNIVERSAL group,
there won't be a 0102 record unless the user has an authority greater than USE.
Regards, Bob
Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.twitter.com/RSH_RACF
www.rshconsulting.com
---------------------------------------------------------------------------
Upcoming RSH RACF Training - WebEx
- RACF Audit & Compliance Roadmap - MAR 23-27, 2020
- RACF Level I Administration - APR 27 - MAY 1, 2020
- RACF Level II Administration - APR 6-10, 2020
- RACF Level III Admin, Audit, & Compliance - MAR 9-13, 2020
- RACF - Securing z/OS UNIX - FEB 10-14, 2020
---------------------------------------------------------------------------
-----Original Message-----
Date: Mon, 27 Jan 2020 17:39:29 +0000
From: ITURIEL DO NASCIMENTO NETO <ituriel.nascime...@bradesco.com.br>
Subject: RES: Rexx or similar to clone a RACF user?
Hi,
In the past i've developed a small ICETOOL that uses output from IRRDBU00 to
clone a USERID.
Here follows the JCL:
//TSL1USER JOB (),CLASS=S,MSGCLASS=T,MSGLEVEL=(1,1),
// COND=(0,NE),
// REGION=0M,NOTIFY=&SYSUID
//*
//* CLONE RACF USERID
//*
//* CHANGE "USERID" TO YOUR USERID TO BE COPIED
//*
// EXEC RACFCLON,DBU=AT.UNLOAD.RACF
//SEPARA.SYSIN DD *
OPTION COPY,VLSHRT,SPANINC=RC0
OUTFIL INCLUDE=(005,4,CH,EQ,C'0200',AND,
010,8,CH,EQ,C'USERID'),FILES=1,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0220',AND,
010,8,CH,EQ,C'USERID'),FILES=2,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0270',AND,
010,8,CH,EQ,C'USERID'),FILES=3,
CONVERT,OUTREC=(5,1100),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0102',AND,
019,8,CH,EQ,C'USERID'),FILES=4,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0404',AND,
062,8,CH,EQ,C'USERID'),FILES=5,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0505',AND,
266,8,CH,EQ,C'USERID'),FILES=6,
CONVERT,OUTREC=(5,300),VLFILL=C' '
//RACFCLON PROC DBU=
//*
//* FILTRA REGISTROS
//*
//SEPARA EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&DBU,DISP=SHR
//SORTOF1 DD DSN=&®200,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF2 DD DSN=&®220,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF3 DD DSN=&®270,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF4 DD DSN=&®102,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF5 DD DSN=&®404,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF6 DD DSN=&®505,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//*
//ADDUSER EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®200,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' ADDUSER ',
06,8,C' OWNER(',26,8,C') DFLTGRP(',096,8,C') + ',
/,
C' PASSWORD(',06,8,C') ',
C'NAME(''',75,20,C''')')
END
//*
//ALTUTSO EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®220,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' ALTUSER ',
06,8,C' TSO(PROC(',150,8,C')) ',
C' ACCTNUM(',15,8,C') + ',
/,
C' SIZE(',159,8,C') ',
C' MAXSIZE(',172,10,C') ',
C' UNIT(',205,8,C') )')
END
//*
//ALTUOMVS EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®270,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTREC FIELDS=(C' ALTUSER ',
06,8,C' OMVS(UID(',15,10,C') ',
C' HOME(',26,10,C') ',
C' PROGRAM(',1050,8,C') )')
END
//*
//CONNECT EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®102,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTREC FIELDS=(C' CONNECT ',
15,8,C'GROUP(',06,8,C') ',
C'OWNER(',06,8,C') ',
C'AUTHORITY(',24,8,C') ')
END
//*
//PERMIT EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®404,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' PERMIT ',
C' ',6,44,C' GEN + ',
/,
C' CLASS(DATASET ) ',
C'ID(',58,8,C') ',
C'ACCESS(',67,8,C') ')
END
//*
//PERMIT EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®505,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' PERMIT ',
C' ',6,44,C' + ',
/,
C' CLASS(',253,8,C') ',
C'ID(',262,8,C') ',
C'ACCESS(',271,8,C') ')
END
Atenciosamente / Regards / Saludos
Ituriel do Nascimento Neto
4250/DITI Engenharia de Software
Tel: +55 11 3684-9602 Canal de voz 23-1404
E-mail: ituriel.nascime...@bradesco.com.br
BANCO BRADESCO S.A.
Cidade de Deus, Osasco, Prédio Vermelho
-----Mensagem original-----
De: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> Em nome de Charles
Mills
Enviada em: sexta-feira, 17 de janeiro de 2020 15:26
Para: IBM-MAIN@LISTSERV.UA.EDU
Assunto: Rexx or similar to clone a RACF user?
X-posted RACF-L and IBM-MAIN.
A Google search reveals that the question "how do I clone a user in RACF?"
has been asked before and the answer is basically "buy Vanguard, Beta88 or
zSecure." People also mentioned "you might write a Rexx script to do this."
Not having one of those proprietary products I searched the CBT tape to see if
such a Rexx script were to be found there, without success.
So my question is: does anyone know of a CBT or similar tool to clone a RACF
user, or does anyone have a Rexx script that they might be willing to share?
Thanks,
Charles
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
