'Re: RACROUTE REQUEST=LIST [SEC=UNOFFICIAL]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: RACROUTE REQUEST=LIST [SEC=UNOFFICIAL]
From:       "Spooner, Ross" <Ross.Spooner () HUMANSERVICES ! GOV ! AU>
Date:       2014-12-03 0:24:17
Message-ID: f72137c4f35b40ec9fe5a61e03faa518 () DCVSXD202 ! Internal ! Dept ! local
[Download RAW message or body]

Why not issue SEARCH MASK(userid.*.**) via IRRSEQ00 ?


Regards,
Ross Spooner
Senior Mainframe Security Programmer
Security Engineering 
Department of Human Services. Canberra. Australia
w (02) 6141 7282
m 0411 512 680

-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Rob Schramm
Sent: Wednesday, 3 December 2014 8:59 AM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: RACROUTE REQUEST=LIST

There is another interface.. RCVT + can't remember offset to get program name for \
doing a list of dataset permissions.

Rob Schramm

PS sorry not near a manual right now
On Dec 2, 2014 4:39 PM, "Tony's Basement Computer" <tbabonas@comcast.net>
wrote:

> Hey Joe, why don't you just use LD and parse the output?  Are you 
> doing this for a large number of dataset names?
> 
> 
> 
> 
> -----Original Message-----
> From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf 
> Of Joe Aulph
> Sent: Tuesday, December 02, 2014 3:36 PM
> To: RACF-L@LISTSERV.UGA.EDU
> Subject: Re: RACROUTE REQUEST=LIST
> 
> Bruce,
> 
> Thanks for the response, so REQUEST=LIST is not the way to go.
> 
> So if I am trying to do in a program what we would do as a TSO line 
> command 'LD DATASET(ABC123.*.**)' . The RACROUTE REQUEST=EXTRACT would 
> be the way to go, looking for a simple RC=0 (it exists) or RC Ź= 0 (it 
> does not exist) via a simple check of R15.
> And sample 4 would be a good starting point..
> 
> Is that about it?
> 
> Joe
> 
> 
> 
> On Tue, Dec 2, 2014 at 3:02 PM, Bruce Wells <brwells@us.ibm.com> wrote:
> 
> > Joe Aulph <sysprog99@GMAIL.COM> wrote on 12/02/2014 02:07:07 PM:
> > 
> > > 
> > > I have a requirement to programmatically determine whether a 
> > > dataset profile exists or not.
> > > Ex. Giving USER ABC123 do rules exist for datasets ABC123.*.** ?
> > > What I am working on is a RACROUTE REQUEST=LIST call, the results 
> > > are a return code of 4 with a RACF return code of 8, telling me 
> > > the specified class is not defined.
> > > 
> > > Here then is the code:
> > > RACROUTE REQUEST=LIST,CLASS=RACCLASS,
> > > LIST=LISTADDR,MF=(E,RACLIST)
> > > 
> > > 
> > > IN STROAGE:
> > > RACLIST RACROUTE REQUEST=LIST,CLASS=RACCLASS,
> > > LIST=LISTADDR,WORKA=RACWORK,MF=L
> > > RACWORK  DS   128F
> > > RACCLASS  DC  CL8'DATASET '
> > > DS   0F
> > > LISTADDR  DS   0CL14
> > > LISTNUM    DC   XL2'001'
> > > DC  AL1(11)
> > > LISTNAM    DC  CL6'NAME'                  <=Filled in via the code
> > > DC  CL5'.*.**'                      such that
> > > in the dump this field appears as
> > > 
> > > ABC123.*.**
> > > 
> > > 
> > > Any ideas as to where I'm missing it here?
> > > Please keep in mind that the above code was transcribed and not 
> > > CUT & PASTE'd, I believe I've transcribed it correctly.
> > > Thanks in advance.
> > > 
> > 
> > Joe, RACROUTE REQUEST=LIST is not supported for the DATASET class.
> > This is implied in the description of the CLASS= parameter (in the 
> > RACROUTE Macro Reference):
> > 
> > "The class name must be a valid, active class as defined in the 
> > class descriptor table."
> > 
> > Any reference to the class descriptor table implies a general 
> > resource class, and DATASET is not a general resource class.
> > 
> > I might reword your requirement (from a RACF perspective anyway) to:
> > 
> > Given a data set name, determine whether it is protected by a 
> > DATASET profile.
> > 
> > If this is really your requirement, you'll want to try RACROUTE 
> > REQUEST=EXTRACT with the MATCHGN=YES keyword.  It will return the 
> > name of the generic profile covering a discrete data set name, if 
> > one exists (and a discrete does not).
> > 
> > If you are really looking for a list of DATASET profiles with a high 
> > level qualifier of ABC123, you still want REQUEST=EXTRACT, and you 
> > might use a modified version of sample 4 provided in the documentation.
> > 
> > Unfortunately, R_Admin does not support the extract of a DATASET profile.
> > 
> > Regards,
> > Bruce R. Wells, CISSP
> > z/OS Security Server Design and Development
> > Phone: Tie 8-295-7498  External: (845) 435-7498
> > Internet: brwells@us.ibm.com
> > Poughkeepsie, NY  USA
> > 
> 

********************************************************************** IMPORTANT: \
This e-mail is for the use of the intended recipient only and may contain information \
that is confidential, commercially valuable and/or subject to legal or parliamentary \
privilege. If you are not the intended recipient you are notified that any review, \
re-transmission, disclosure, dissemination or other use of, or taking of any action \
in reliance upon, this information is prohibited and may result in severe penalties. \
If you have received this e-mail in error please notify the sender immediately and \
delete all electronic and hard copies of this transmission together with any \
attachments. Please consider the environment before printing this e-mail \
********************************************************************** 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic