Robert,
As I said, it is old stuff.
I'll follow your recommendation.
Thanks
Atenciosamente / Regards / Saludos
Ituriel do Nascimento Neto
4250/DITI Engenharia de Software
Tel: +55 11 3684-9602 Canal de voz 23-1404
E-mail: ituriel.nascime...@bradesco.com.br
BANCO BRADESCO S.A.
Cidade de Deus, Osasco, Prédio Vermelho
-----Mensagem original-----
De: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> Em nome de Robert
S. Hansel (RSH)
Enviada em: terça-feira, 28 de janeiro de 2020 08:53
Para: IBM-MAIN@LISTSERV.UA.EDU
Assunto: Re: Rexx or similar to clone a RACF user?
Ituriel,
Very clever. However, I recommend using the 0203 record for group connections
instead of the 0102 record. If the user is connected to a UNIVERSAL group,
there won't be a 0102 record unless the user has an authority greater than USE.
Regards, Bob
Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.twitter.com/RSH_RACF
www.rshconsulting.com
---------------------------------------------------------------------------
Upcoming RSH RACF Training - WebEx
- RACF Audit & Compliance Roadmap - MAR 23-27, 2020
- RACF Level I Administration - APR 27 - MAY 1, 2020
- RACF Level II Administration - APR 6-10, 2020
- RACF Level III Admin, Audit, & Compliance - MAR 9-13, 2020
- RACF - Securing z/OS UNIX - FEB 10-14, 2020
---------------------------------------------------------------------------
-----Original Message-----
Date: Mon, 27 Jan 2020 17:39:29 +0000
From: ITURIEL DO NASCIMENTO NETO <ituriel.nascime...@bradesco.com.br>
Subject: RES: Rexx or similar to clone a RACF user?
Hi,
In the past i've developed a small ICETOOL that uses output from IRRDBU00 to
clone a USERID.
Here follows the JCL:
//TSL1USER JOB (),CLASS=S,MSGCLASS=T,MSGLEVEL=(1,1),
// COND=(0,NE),
// REGION=0M,NOTIFY=&SYSUID
//*
//* CLONE RACF USERID
//*
//* CHANGE "USERID" TO YOUR USERID TO BE COPIED
//*
// EXEC RACFCLON,DBU=AT.UNLOAD.RACF
//SEPARA.SYSIN DD *
OPTION COPY,VLSHRT,SPANINC=RC0
OUTFIL INCLUDE=(005,4,CH,EQ,C'0200',AND,
010,8,CH,EQ,C'USERID'),FILES=1,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0220',AND,
010,8,CH,EQ,C'USERID'),FILES=2,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0270',AND,
010,8,CH,EQ,C'USERID'),FILES=3,
CONVERT,OUTREC=(5,1100),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0102',AND,
019,8,CH,EQ,C'USERID'),FILES=4,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0404',AND,
062,8,CH,EQ,C'USERID'),FILES=5,
CONVERT,OUTREC=(5,300),VLFILL=C' '
OUTFIL INCLUDE=(005,4,CH,EQ,C'0505',AND,
266,8,CH,EQ,C'USERID'),FILES=6,
CONVERT,OUTREC=(5,300),VLFILL=C' '
//RACFCLON PROC DBU=
//*
//* FILTRA REGISTROS
//*
//SEPARA EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&DBU,DISP=SHR
//SORTOF1 DD DSN=&®200,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF2 DD DSN=&®220,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF3 DD DSN=&®270,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF4 DD DSN=&®102,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF5 DD DSN=&®404,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//SORTOF6 DD DSN=&®505,DISP=(,PASS),
// UNIT=(3390),SPACE=(CYL,(1,10),RLSE)
//*
//ADDUSER EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®200,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' ADDUSER ',
06,8,C' OWNER(',26,8,C') DFLTGRP(',096,8,C') + ',
/,
C' PASSWORD(',06,8,C') ',
C'NAME(''',75,20,C''')')
END
//*
//ALTUTSO EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®220,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' ALTUSER ',
06,8,C' TSO(PROC(',150,8,C')) ',
C' ACCTNUM(',15,8,C') + ',
/,
C' SIZE(',159,8,C') ',
C' MAXSIZE(',172,10,C') ',
C' UNIT(',205,8,C') )')
END
//*
//ALTUOMVS EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®270,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTREC FIELDS=(C' ALTUSER ',
06,8,C' OMVS(UID(',15,10,C') ',
C' HOME(',26,10,C') ',
C' PROGRAM(',1050,8,C') )')
END
//*
//CONNECT EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®102,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTREC FIELDS=(C' CONNECT ',
15,8,C'GROUP(',06,8,C') ',
C'OWNER(',06,8,C') ',
C'AUTHORITY(',24,8,C') ')
END
//*
//PERMIT EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®404,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' PERMIT ',
C' ',6,44,C' GEN + ',
/,
C' CLASS(DATASET ) ',
C'ID(',58,8,C') ',
C'ACCESS(',67,8,C') ')
END
//*
//PERMIT EXEC PGM=SORT
//SYSOUT DD DUMMY
//SORTIN DD DSN=&®505,DISP=SHR
//SORTOUT DD SYSOUT=*
//SYSIN DD *
SORT FIELDS=COPY
OUTFIL OUTREC=(C' PERMIT ',
C' ',6,44,C' + ',
/,
C' CLASS(',253,8,C') ',
C'ID(',262,8,C') ',
C'ACCESS(',271,8,C') ')
END
Atenciosamente / Regards / Saludos
Ituriel do Nascimento Neto
4250/DITI Engenharia de Software
Tel: +55 11 3684-9602 Canal de voz 23-1404
E-mail: ituriel.nascime...@bradesco.com.br
BANCO BRADESCO S.A.
Cidade de Deus, Osasco, Prédio Vermelho
-----Mensagem original-----
De: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> Em nome de Charles
Mills Enviada em: sexta-feira, 17 de janeiro de 2020 15:26
Para: IBM-MAIN@LISTSERV.UA.EDU
Assunto: Rexx or similar to clone a RACF user?
X-posted RACF-L and IBM-MAIN.
A Google search reveals that the question "how do I clone a user in RACF?"
has been asked before and the answer is basically "buy Vanguard, Beta88 or
zSecure." People also mentioned "you might write a Rexx script to do this."
Not having one of those proprietary products I searched the CBT tape to see if
such a Rexx script were to be found there, without success.
So my question is: does anyone know of a CBT or similar tool to clone a RACF
user, or does anyone have a Rexx script that they might be willing to share?
Thanks,
Charles
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
AVISO LEGAL <br>...Esta mensagem é destinada exclusivamente para a(s) pessoa(s)
a quem é dirigida, podendo conter informação confidencial e/ou legalmente
privilegiada. Se você não for destinatário desta mensagem, desde já fica
notificado de abster-se a divulgar, copiar, distribuir, examinar ou, de
qualquer forma, utilizar a informação contida nesta mensagem, por ser ilegal.
Caso você tenha recebido esta mensagem por engano, pedimos que nos retorne este
E-Mail, promovendo, desde logo, a eliminação do seu conteúdo em sua base de
dados, registros ou sistema de controle. Fica desprovida de eficácia e validade
a mensagem que contiver vínculos obrigacionais, expedida por quem não detenha
poderes de representação.
LEGAL ADVICE<br>...This message is exclusively destined for the people to whom
it is directed, and it can bear private and/or legally exceptional information.
If you are not addressee of this message, since now you are advised to not
release, copy, distribute, check or, otherwise, use the information contained
in this message, because it is illegal. If you received this message by
mistake, we ask you to return this email, making possible, as soon as possible,
the elimination of its contents of your database, registrations or controls
system. The message that bears any mandatory links, issued by someone who has
no representation powers, shall be null or void.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
