[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: RACROUTE REQUEST=LIST [SEC=UNOFFICIAL]
From: "Spooner, Ross" <Ross.Spooner () HUMANSERVICES ! GOV ! AU>
Date: 2014-12-03 0:24:17
Message-ID: f72137c4f35b40ec9fe5a61e03faa518 () DCVSXD202 ! Internal ! Dept ! local
[Download RAW message or body]
Why not issue SEARCH MASK(userid.*.**) via IRRSEQ00 ?
Regards,
Ross Spooner
Senior Mainframe Security Programmer
Security Engineering
Department of Human Services. Canberra. Australia
w (02) 6141 7282
m 0411 512 680
-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Rob Schramm
Sent: Wednesday, 3 December 2014 8:59 AM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: RACROUTE REQUEST=LIST
There is another interface.. RCVT + can't remember offset to get program name for \
doing a list of dataset permissions.
Rob Schramm
PS sorry not near a manual right now
On Dec 2, 2014 4:39 PM, "Tony's Basement Computer" <tbabonas@comcast.net>
wrote:
> Hey Joe, why don't you just use LD and parse the output? Are you
> doing this for a large number of dataset names?
>
>
>
>
> -----Original Message-----
> From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf
> Of Joe Aulph
> Sent: Tuesday, December 02, 2014 3:36 PM
> To: RACF-L@LISTSERV.UGA.EDU
> Subject: Re: RACROUTE REQUEST=LIST
>
> Bruce,
>
> Thanks for the response, so REQUEST=LIST is not the way to go.
>
> So if I am trying to do in a program what we would do as a TSO line
> command 'LD DATASET(ABC123.*.**)' . The RACROUTE REQUEST=EXTRACT would
> be the way to go, looking for a simple RC=0 (it exists) or RC ¬= 0 (it
> does not exist) via a simple check of R15.
> And sample 4 would be a good starting point..
>
> Is that about it?
>
> Joe
>
>
>
> On Tue, Dec 2, 2014 at 3:02 PM, Bruce Wells <brwells@us.ibm.com> wrote:
>
> > Joe Aulph <sysprog99@GMAIL.COM> wrote on 12/02/2014 02:07:07 PM:
> >
> > >
> > > I have a requirement to programmatically determine whether a
> > > dataset profile exists or not.
> > > Ex. Giving USER ABC123 do rules exist for datasets ABC123.*.** ?
> > > What I am working on is a RACROUTE REQUEST=LIST call, the results
> > > are a return code of 4 with a RACF return code of 8, telling me
> > > the specified class is not defined.
> > >
> > > Here then is the code:
> > > RACROUTE REQUEST=LIST,CLASS=RACCLASS,
> > > LIST=LISTADDR,MF=(E,RACLIST)
> > >
> > >
> > > IN STROAGE:
> > > RACLIST RACROUTE REQUEST=LIST,CLASS=RACCLASS,
> > > LIST=LISTADDR,WORKA=RACWORK,MF=L
> > > RACWORK DS 128F
> > > RACCLASS DC CL8'DATASET '
> > > DS 0F
> > > LISTADDR DS 0CL14
> > > LISTNUM DC XL2'001'
> > > DC AL1(11)
> > > LISTNAM DC CL6'NAME' <=Filled in via the code
> > > DC CL5'.*.**' such that
> > > in the dump this field appears as
> > >
> > > ABC123.*.**
> > >
> > >
> > > Any ideas as to where I'm missing it here?
> > > Please keep in mind that the above code was transcribed and not
> > > CUT & PASTE'd, I believe I've transcribed it correctly.
> > > Thanks in advance.
> > >
> >
> > Joe, RACROUTE REQUEST=LIST is not supported for the DATASET class.
> > This is implied in the description of the CLASS= parameter (in the
> > RACROUTE Macro Reference):
> >
> > "The class name must be a valid, active class as defined in the
> > class descriptor table."
> >
> > Any reference to the class descriptor table implies a general
> > resource class, and DATASET is not a general resource class.
> >
> > I might reword your requirement (from a RACF perspective anyway) to:
> >
> > Given a data set name, determine whether it is protected by a
> > DATASET profile.
> >
> > If this is really your requirement, you'll want to try RACROUTE
> > REQUEST=EXTRACT with the MATCHGN=YES keyword. It will return the
> > name of the generic profile covering a discrete data set name, if
> > one exists (and a discrete does not).
> >
> > If you are really looking for a list of DATASET profiles with a high
> > level qualifier of ABC123, you still want REQUEST=EXTRACT, and you
> > might use a modified version of sample 4 provided in the documentation.
> >
> > Unfortunately, R_Admin does not support the extract of a DATASET profile.
> >
> > Regards,
> > Bruce R. Wells, CISSP
> > z/OS Security Server Design and Development
> > Phone: Tie 8-295-7498 External: (845) 435-7498
> > Internet: brwells@us.ibm.com
> > Poughkeepsie, NY USA
> >
>
********************************************************************** IMPORTANT: \
This e-mail is for the use of the intended recipient only and may contain information \
that is confidential, commercially valuable and/or subject to legal or parliamentary \
privilege. If you are not the intended recipient you are notified that any review, \
re-transmission, disclosure, dissemination or other use of, or taking of any action \
in reliance upon, this information is prohibited and may result in severe penalties. \
If you have received this e-mail in error please notify the sender immediately and \
delete all electronic and hard copies of this transmission together with any \
attachments. Please consider the environment before printing this e-mail \
**********************************************************************
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic