RES: RES: RES: Rexx or similar to clone a RACF user?
Sri,
Amazing JOB.
Sort is really a magic tool.
Thank you
Atenciosamente / Regards / Saludos
Ituriel do Nascimento Neto
4250/DITI Engenharia de Software
Tel: +55 11 3684-9602 Canal de voz 23-1404
E-mail: ituriel.nascime...@bradesco.com.br
BANCO BRADESCO S.A.
Cidade de Deus, Osasco, Prédio Vermelho
-Mensagem original-
De: IBM Mainframe Discussion List Em nome de Sri h
Kolusu
Enviada em: quarta-feira, 29 de janeiro de 2020 11:38
Para: IBM-MAIN@LISTSERV.UA.EDU
Assunto: Re: RES: RES: Rexx or similar to clone a RACF user?
Ituriel do Nascimento Neto,
Here is the JCL that I was talking about. You pass the the exiting userid
that you need to clone as a parm named BASEUSER and the new userid as another
parm CLONUSER. I split the statements into different files , so that you can
run them in the sequence you want to.
// SET BASEUSER='KOLUSU'
// SET CLONUSER='ITURIEL'
//*
//* create Racf statements to clone the userid **
//*
//STEP0100 EXEC PGM=SORT,PARM='JP1"",JP2""'
//SYSOUT DD SYSOUT=*
//SORTIN DD DISP=SHR,DSN=Your RACF unload Database file
//ADDUSER DD SYSOUT=*
//ALTUSER DD SYSOUT=*
//CONNECT DD SYSOUT=*
//PERMIT DD SYSOUT=*
//SYSINDD *
OPTION COPY,VLSCMP
INCLUDE COND=((005,4,CH,EQ,C'0200',AND,010,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0220',AND,010,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0270',AND,010,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0102',AND,019,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0404',AND,062,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0505',AND,266,8,CH,EQ,JP1))
INREC IFTHEN=(WHEN=INIT,
BUILD=(001,004,
005,1100)),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0200'),
BUILD=(1,4,
C' ADDUSER ',
JP2,C' OWNER(',30,8,C') DFLTGRP(',100,8,C') + ',
85:C' PASSWORD(',10,8,C') ',
C'NAME(''',79,20,C''')')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0220'),
BUILD=(1,4,
C' ALTUSER ',
JP2,C' TSO(PROC(',154,8,C')) ',
C' ACCTNUM(',19,8,C') + ',
85:C' SIZE(',163,8,C') ',
C' MAXSIZE(',176,10,C') ',
C' UNIT(',209,8,C') )')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0270'),
BUILD=(1,4,
C' ALTUSER ',
JP2,C' OMVS(UID(',15,10,C') ',
C' HOME(',30,10,C') ',
C' PROGRAM(',1054,8,C') )')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0102'),
BUILD=(1,4,
C' CONNECT ',
JP2,C' GROUP(',10,8,C') ',
C'OWNER(',10,8,C') ',
C'AUTHORITY(',28,8,C') ')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0404'),
BUILD=(1,4,
C' PERMIT ',
C' ',10,44,C' GEN + ',
85:C' CLASS(DATASET ) ',
C'ID(',62,8,C') ',
C'ACCESS(',71,8,C') ')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0505'),
BUILD=(1,4,
C' PERMIT ',
C' ',10,44,C' + ',
85:C' CLASS(',257,8,C') ',
C'ID(',266,8,C') ',
C'ACCESS(',275,8,C') '))
OUTFIL FNAMES=ADDUSER,INCLUDE=(5,8,CH,EQ,C' ADDUSER '),
VTOF,BUILD=(5,80,/,85,80)
OUTFIL FNAMES=ALTUSER,INCLUDE=(5,8,CH,EQ,C' ALTUSER '),
VTOF,BUILD=(5,80,/,85,80)
OUTFIL FNAMES=CONNECT,INCLUDE=(5,8,CH,EQ,C' CONNECT '),
VTOF,BUILD=(5,80)
OUTFIL FNAMES=PERMIT,INCLUDE=(5,8,CH,EQ,C' PERMIT '),
VTOF,BUILD=(5,80,/,85,80)
/*
Further if you have any questions please let me know
Thanks,
Kolusu
DFSORT Development
IBM Corporation
--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
AVISO LEGAL ...Esta mensagem é destinada exclusivamente para a(s) pessoa(s)
a quem é dirigida, podendo conter informação confidencial e/ou legalmente
privilegiada. Se você não for destinatário desta mensagem, desde já fica
notificado de abster-se a divulgar, copiar, distribuir, examinar ou, de
qualquer forma, utilizar a informação contida nesta mensagem, por ser ilegal.
Caso você tenha recebido esta mensagem por engano, pedimos que nos retorne este
E-Mail, promovendo, desde logo, a eliminação do seu conteúdo em sua base de
dados, registros ou sistema de controle. Fica desprovida de eficácia e validade
a mensagem que contiver vínculos obrigacionais, expedida por quem não detenha
poderes de representação.
LEGAL ADVICE...This message is exclusively destined for the people to whom
it is directed, and it can bear private and/or legally exceptional information.
If you are not addressee of this message, since
Re: RES: RES: Rexx or similar to clone a RACF user?
Sri h Kolusu wrote:
>Here is the JCL that I was talking about. You pass the the exiting userid
>that you need to clone as a parm named BASEUSER and the new userid as another
>parm CLONUSER. I split the statements into different files , so that you can
>run them in the sequence you want to.
Amazing! That is a magic wand with all these useful IFTHEN, BUILD and OUTFIL
statements. (Yes, zSecure or DBSYNC are good for cloning ids, but one more tool
can't hurt at all!)
One correction, - for Ituriel do Nascimento Neto - if you don't mind please:
> IFTHEN=(WHEN=(5,4,CH,EQ,C'0270'),
> BUILD=(1,4,
>C' ALTUSER ',
>JP2,C' OMVS(UID(',15,10,C') ',
>C' HOME(',30,10,C') ',
>C' PROGRAM(',1054,8,C') )')),
Should rather be this:
IFTHEN=(WHEN=(5,4,CH,EQ,C'0270'),
BUILD=(1,4,
C' ALTUSER ',
JP2,C' OMVS(AUTOUID ',
C' HOME(',30,??,C') ',
C' PROGRAM(',1054,8,C') )')),
AUTOUID should rather be used if you want to have RACF generate UID value
instead of copying/cloning the UID.
The HOME is not 10 characters long, it is just over 1000 characters long. You
need to change the '??' to something useful.
See for description of the IRRDBU00 output (watch the wrap):
https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.icha300/usr.htm#idg66559
Of course, it is up to you to accept Sri h Kolusu magic wand just as it is
provided.
Groete / Greetings
Elardus Engelbrecht
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: RES: RES: Rexx or similar to clone a RACF user?
Ituriel do Nascimento Neto,
Here is the JCL that I was talking about. You pass the the exiting userid
that you need to clone as a parm named BASEUSER and the new userid as
another parm CLONUSER. I split the statements into different files , so
that you can run them in the sequence you want to.
// SET BASEUSER='KOLUSU'
// SET CLONUSER='ITURIEL'
//*
//* create Racf statements to clone the userid **
//*
//STEP0100 EXEC PGM=SORT,PARM='JP1"",JP2""'
//SYSOUT DD SYSOUT=*
//SORTIN DD DISP=SHR,DSN=Your RACF unload Database file
//ADDUSER DD SYSOUT=*
//ALTUSER DD SYSOUT=*
//CONNECT DD SYSOUT=*
//PERMIT DD SYSOUT=*
//SYSINDD *
OPTION COPY,VLSCMP
INCLUDE COND=((005,4,CH,EQ,C'0200',AND,010,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0220',AND,010,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0270',AND,010,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0102',AND,019,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0404',AND,062,8,CH,EQ,JP1),OR,
(005,4,CH,EQ,C'0505',AND,266,8,CH,EQ,JP1))
INREC IFTHEN=(WHEN=INIT,
BUILD=(001,004,
005,1100)),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0200'),
BUILD=(1,4,
C' ADDUSER ',
JP2,C' OWNER(',30,8,C') DFLTGRP(',100,8,C') + ',
85:C' PASSWORD(',10,8,C') ',
C'NAME(''',79,20,C''')')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0220'),
BUILD=(1,4,
C' ALTUSER ',
JP2,C' TSO(PROC(',154,8,C')) ',
C' ACCTNUM(',19,8,C') + ',
85:C' SIZE(',163,8,C') ',
C' MAXSIZE(',176,10,C') ',
C' UNIT(',209,8,C') )')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0270'),
BUILD=(1,4,
C' ALTUSER ',
JP2,C' OMVS(UID(',15,10,C') ',
C' HOME(',30,10,C') ',
C' PROGRAM(',1054,8,C') )')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0102'),
BUILD=(1,4,
C' CONNECT ',
JP2,C' GROUP(',10,8,C') ',
C'OWNER(',10,8,C') ',
C'AUTHORITY(',28,8,C') ')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0404'),
BUILD=(1,4,
C' PERMIT ',
C' ',10,44,C' GEN + ',
85:C' CLASS(DATASET ) ',
C'ID(',62,8,C') ',
C'ACCESS(',71,8,C') ')),
IFTHEN=(WHEN=(5,4,CH,EQ,C'0505'),
BUILD=(1,4,
C' PERMIT ',
C' ',10,44,C' + ',
85:C' CLASS(',257,8,C') ',
C'ID(',266,8,C') ',
C'ACCESS(',275,8,C') '))
OUTFIL FNAMES=ADDUSER,INCLUDE=(5,8,CH,EQ,C' ADDUSER '),
VTOF,BUILD=(5,80,/,85,80)
OUTFIL FNAMES=ALTUSER,INCLUDE=(5,8,CH,EQ,C' ALTUSER '),
VTOF,BUILD=(5,80,/,85,80)
OUTFIL FNAMES=CONNECT,INCLUDE=(5,8,CH,EQ,C' CONNECT '),
VTOF,BUILD=(5,80)
OUTFIL FNAMES=PERMIT,INCLUDE=(5,8,CH,EQ,C' PERMIT '),
VTOF,BUILD=(5,80,/,85,80)
/*
Further if you have any questions please let me know
Thanks,
Kolusu
DFSORT Development
IBM Corporation
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
RES: RES: Rexx or similar to clone a RACF user?
Sri, Thank you, i'll give it a try. Atenciosamente / Regards / Saludos Ituriel do Nascimento Neto 4250/DITI Engenharia de Software Tel: +55 11 3684-9602 Canal de voz 23-1404 E-mail: ituriel.nascime...@bradesco.com.br BANCO BRADESCO S.A. Cidade de Deus, Osasco, Prédio Vermelho -Mensagem original- De: IBM Mainframe Discussion List Em nome de Sri h Kolusu Enviada em: segunda-feira, 27 de janeiro de 2020 16:31 Para: IBM-MAIN@LISTSERV.UA.EDU Assunto: Re: RES: Rexx or similar to clone a RACF user? > In the past i've developed a small ICETOOL that uses output from > IRRDBU00 to clone a USERID. Ituriel do Nascimento Neto Just so you know, the JCL can be simplified into a single step with single pass of data. Thanks, Kolusu DFSORT Development IBM Corporation -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN AVISO LEGAL ...Esta mensagem é destinada exclusivamente para a(s) pessoa(s) a quem é dirigida, podendo conter informação confidencial e/ou legalmente privilegiada. Se você não for destinatário desta mensagem, desde já fica notificado de abster-se a divulgar, copiar, distribuir, examinar ou, de qualquer forma, utilizar a informação contida nesta mensagem, por ser ilegal. Caso você tenha recebido esta mensagem por engano, pedimos que nos retorne este E-Mail, promovendo, desde logo, a eliminação do seu conteúdo em sua base de dados, registros ou sistema de controle. Fica desprovida de eficácia e validade a mensagem que contiver vínculos obrigacionais, expedida por quem não detenha poderes de representação. LEGAL ADVICE...This message is exclusively destined for the people to whom it is directed, and it can bear private and/or legally exceptional information. If you are not addressee of this message, since now you are advised to not release, copy, distribute, check or, otherwise, use the information contained in this message, because it is illegal. If you received this message by mistake, we ask you to return this email, making possible, as soon as possible, the elimination of its contents of your database, registrations or controls system. The message that bears any mandatory links, issued by someone who has no representation powers, shall be null or void. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
