Re: CMS SFS Question

[Les Koehler]

I'm curious: How do you find the user who is not enrolled, but granted rights to 
the target user to be deleted?

Les
Schuh, Richard wrote:
The Pipe is the easiest. 

PIPE < user list | spec /delete user/ 1 w1 nw | cms | > delete log a

Note, however, that if you have an SFS that has a lot of files and permissions, each DELETE USER can take a long time, so you do not want to do this on an id that you might need soon after you enter the PIPE command. In our shop, an individual DELETE USER can take upwards of 10 minutes. 

Cleaning up SFS when a userid is deleted is important from a security standpoint. If the same id should be given to a different person, it would automatically inherit permissions from the prior owner. You should be doing a DELETE USER every time that a userid is deleted from the directory. 

It is possible for one user to grant access to other users who are not 
enrolled. DELETE USER does not clean up these permissions. To get rid of them, 
you have to first enroll the user in the pool even if it is for 0 blocks. To 
solve this in our automated process, each user to be deleted is enrolled for 0 
blocks, ignoring the return code. We don't care if the user is already 
enrolled, the attempt does no harm. After the enroll, the deletion will clean 
out all permissions granted to or by the user being deleted.


Regards, 
Richard Schuh 

 

-----Original Message-----
From: The IBM z/VM Operating System 
[mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Rick Troth
Sent: Tuesday, March 01, 2011 10:54 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: CMS SFS Question

Nahh ... even easier ... Pipes.
I'm thinking two pipes.  One to gather the Q ENROLL output 
then a second to actually perform the deletes.  In between 
shove that Q ENROLL output into a file, manually edit for 
confirmation, then feed the selected content into DELETE USER.

-- R;
Rick Troth
Velocity Software
http://www.velocitysoftware.com/



On Tue, 1 Mar 2011, Rich Smrcina wrote:

REXX?

On 03/01/2011 12:35 PM, Wandschneider, Scott wrote:
Is there a way to delete multiple users at once or create 
a "batch" job to delete multiple users that are enrolled in SFS?
Thank you,
Scott R Wandschneider
Systems Programmer 3|| Infocrossing, a Wipro Company || 11707 
Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || 
Ë:847.849.7223  ||  : 
scott.wandschnei...@infocrossing.com **Think 
Green  - Please print responsibly**



Confidentiality Note: This e-mail, including any 
attachment to it, may contain material that is confidential, 
proprietary, privileged and/or "Protected Health 
Information," within the meaning of the regulations under the 
Health Insurance Portability&  Accountability Act as amended. 
 If it is not clear that you are the intended recipient, you 
are hereby notified that you have received this transmittal 
in error, and any review, dissemination, distribution or 
copying of this e-mail, including any attachment to it, is 
strictly prohibited. If you have received this e-mail in 
error, please immediately return it to the sender and delete 
it from your system. Thank you.

--
Rich Smrcina
Velocity Software, Inc.
http://www.velocitysoftware.com

Catch the WAVV! http://www.wavv.org
WAVV 2011 - April 15-19, 2011 Colorado Springs, CO