
RACF Group id


Matthew Stitt

Apr 22, 2003, 9:29:22 AM
Is there a variable in REXX which can give a user's group id? We can get the user id, but would like to query the group name from RACF.

Thanks.....



----------------------------------------------------------------------
For TSO-REXX subscribe / signoff / archive access instructions,
send email to LIST...@VM.MARIST.EDU with the message: INFO TSO-REXX

Ken MacKenzie

Apr 22, 2003, 9:35:32 AM
Matthew,

You'll find a REXX exec on the CBT tape (file393) - partially written by
me.

http://www.cbttape.org/ftp/cbt/CBT393.zip

This exec will return or display all RACF groups that you are a member of.

HTH,

Ken


UHRIG, PETER

Apr 22, 2003, 9:45:33 AM
Hi,
if you are interested, I have a REXX proc that puts out the LISTUSER command,
but much improved. The command also includes all groups, the OMVS segment
and the TSO segment.

regards peter

Tom Parker

Apr 22, 2003, 9:45:07 AM
Try this:

GROUPID = RACVAR('GROUPID')

Tom Parker



Gray, Alastair

Apr 22, 2003, 9:38:41 AM
You could try :

psaold = Storage(D2x(548),4) /* Pointer to curr ASCB */
ascbasxb = Storage(D2x(C2d(psaold)+108),4) /* Get the ASXB address */
asxbsenv = Storage(D2x(C2d(ascbasxb)+200),4) /* Get the ACEE address */
aceefcgp = Storage(D2x(C2d(asxbsenv)+116),4) /* get the group list add*/
cgrplen = Storage(D2x(C2d(aceefcgp)+5),3) /* get the list length */
cgrplen = C2d(cgrplen) /* */
cgrp = Storage(D2x(C2d(aceefcgp)+32),(cgrplen-32)) /* get groups */
groups = '' /* initialise variable */
Do loop = 1 to cgrplen-32 by 24 /* loop thru groups */
  groups = groups||' '||Strip(Substr(cgrp,loop,8)) /* add to variable */
End /* */
Say groups

Which will list all groups the user is a member of.

Alastair Gray
Systems Type

Kollar, Keith R

Apr 22, 2003, 10:03:43 AM
Some quick and dirty code adapted from a similar exec I use to extract an email address we bury in the RACF installation data;

Arg UID
If UID = '' Then
  UID = Userid()
GroupName = ''
x = outtrap('prof.',,'NOCONCAT')   /* trap LU output in stem prof. */
address TSO
"LU "UID
rcode = rc
x = outtrap('OFF')                 /* stop trapping */
if rcode = 0 then
  do i = 1 to prof.0
    parse value prof.i with 'DEFAULT-GROUP=' GroupName ' ' TheRest
    if GroupName ¬= '' Then
      Say GroupName
  end
Exit


If you want anything else from an LU, just replace the "DEFAULT-GROUP" with a different search string.

Keith Kollar
Fair Isaac Corporation
Arden Hills, MN 55126
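
An added example (not code from any poster in this thread) that extends the LISTUSER-trapping approach above to the connect-group entries as well as DEFAULT-GROUP. With no argument it parses the constructed sample lines embedded in the exec; the sample user, groups and the LU line layout shown are assumptions, and the user ID check is added so that only a well-formed ID reaches the TSO command string.

```rexx
/* REXX - added example, not from the thread: parse LISTUSER group data */
Arg uid .
If uid = '' Then Do                  /* no argument: constructed sample */
  lu.1 = 'USER=JSMITH  NAME=JOHN SMITH  OWNER=SYSADM  CREATED=01.123'
  lu.2 = ' DEFAULT-GROUP=PAYROLL  PASSDATE=03.100  PASS-INTERVAL= 30'
  lu.3 = '  GROUP=PAYROLL   AUTH=USE      CONNECT-OWNER=SYSADM'
  lu.4 = '    CONNECT ATTRIBUTES=NONE'
  lu.5 = '  GROUP=AUDIT     AUTH=USE      CONNECT-OWNER=SYSADM'
  lu.6 = '    CONNECT ATTRIBUTES=REVOKED'
  lu.0 = 6
End
Else Do
  /* Accept only 1-8 characters from the RACF user ID alphabet before   */
  /* the value is placed in a TSO command string.                       */
  ok = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#$@'
  If Length(uid) > 8 | Verify(uid, ok) > 0 Then Do
    Say 'Rejected user ID argument'
    Exit 12
  End
  Call Outtrap 'lu.', , 'NOCONCAT'
  Address TSO 'LU' uid
  lurc = rc
  Call Outtrap 'OFF'
  If lurc \= 0 Then Exit lurc
End
defgrp = ''
n = 0
Do i = 1 To lu.0
  first = Word(lu.i, 1)
  Select
    When Left(first, 14) == 'DEFAULT-GROUP=' Then
      Parse Var lu.i 'DEFAULT-GROUP=' defgrp .
    When Left(first, 6) == 'GROUP=' Then Do   /* start of a connect entry */
      n = n + 1
      Parse Var lu.i 'GROUP=' grp.n . 'AUTH=' auth.n .
      attr.n = ''
    End
    When n > 0 & Pos('CONNECT ATTRIBUTES=', lu.i) > 0 Then
      Parse Var lu.i 'CONNECT ATTRIBUTES=' attr.n
    Otherwise Nop
  End
End
Say 'Default group:' defgrp
Do k = 1 To n
  If WordPos('REVOKED', attr.k) > 0 Then state = 'revoked'
  Else state = 'active'
  Say Left(grp.k, 8) 'auth='auth.k state
End
```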

Fogg, George C

Apr 22, 2003, 2:16:20 PM
Matthew: There are three non-APF ways to get group information from REXX. You can get the logon group name used since the ACEE is addressable from REXX (shown below) or by the RACVAR statement (providing your site defined the RACF REXX variables), and get the list of groups you are connected to (that are not in revoke status) by the example below. However, you cannot get the default group without doing some APF code to extract it from the user's profile in the RACF database.

Example: I took the liberty to add an additional two lines to Alastair Gray's REXX code he posted earlier in the day to display the groupid used during logon that resides at ACEE+30.

psaold = Storage(D2x(548),4) /* Pointer to curr ASCB */
ascbasxb = Storage(D2x(C2d(psaold)+108),4) /* Get the ASXB address */
asxbsenv = Storage(D2x(C2d(ascbasxb)+200),4) /* Get the ACEE address */

logongrp = Storage(D2x(c2d(ASXBSENV)+30),8) /* GroupID used in logon */

aceefcgp = Storage(D2x(C2d(asxbsenv)+116),4) /* get the group list add*/
cgrplen = Storage(D2x(C2d(aceefcgp)+5),3) /* get the list length */
cgrplen = C2d(cgrplen) /* */
cgrp = Storage(D2x(C2d(aceefcgp)+32),(cgrplen-32)) /* get groups */
groups = '' /* initialise variable */
Do loop = 1 to cgrplen-32 by 24 /* loop thru groups */
  groups = groups||' '||Strip(Substr(cgrp,loop,8)) /* add to variable */
End

Say 'Groupid used in TSO Logon =' logongrp
Say groups


George Fogg
Boeing Co. Shared Services Group
z/OS Delivery Systems
MS: 7J-09 PH: 425.957.5574
email: george...@boeing.com
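
An added example (not code from the posters above) of the same control-block walk with a check before each structure is trusted. The offsets are the ones used in the thread; the 'ACEE' and 'CGRP' eyecatcher values, the treatment of zero-filled entries as unused, and the Ptr/Fetch helper names are assumptions of this example.

```rexx
/* REXX - added example, not from the thread: validated ACEE group walk */
Numeric Digits 10                  /* 31-bit addresses need 10 digits   */
ascb = Ptr(548, 0)                 /* PSAAOLD  -> current ASCB          */
asxb = Ptr(ascb, 108)              /* ASCBASXB -> ASXB                  */
acee = Ptr(asxb, 200)              /* ASXBSENV -> ACEE                  */
If acee = 0 | Fetch(acee, 0, 4) \== 'ACEE' Then Do
  Say 'No ACEE with the expected eyecatcher; stopping.'
  Exit 8
End
logongrp = Strip(Fetch(acee, 30, 8))      /* group used at logon        */
cgrp = Ptr(acee, 116)                     /* ACEEFCGP -> group table    */
groups = ''
If cgrp \= 0 & Fetch(cgrp, 0, 4) == 'CGRP' Then Do
  tablen = C2d(Fetch(cgrp, 5, 3))         /* length incl. 32-byte header*/
  Do off = 32 To tablen - 24 By 24        /* whole 24-byte entries only */
    /* Treat binary zeros as blanks so unused slots are skipped.        */
    name = Strip(Translate(Fetch(cgrp, off, 8), ' ', '00'x))
    If name \== '' Then groups = groups name
  End
End
Else Say 'Group table missing or eyecatcher mismatch; list not read.'
Say 'Logon group   :' logongrp
Say 'Connect groups:' Strip(groups)
Exit 0

Ptr: Procedure                     /* 4-byte pointer at base+off        */
  Parse Arg base, off
  Return C2d(Storage(D2x(base + off), 4))

Fetch: Procedure                   /* len bytes at base+off             */
  Parse Arg base, off, len
  Return Storage(D2x(base + off), len)
```

The walk reads the address-space ACEE only; a task-level ACEE, if one is active, is not consulted.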

Matthew Stitt

Apr 22, 2003, 2:27:00 PM
Don't mean to be stupid, but what do you mean by "defined the RACF REXX variables"?


Fogg, George C

Apr 22, 2003, 4:00:35 PM
You're not stupid--perhaps unaware of the IRREFPCK directory package that needs to be installed and should be part of the system build process for every release of the security server with RACF. Or make sure the directory package is included in each system build. However, I haven't seen any new functions/variables since we installed it a long time ago.
See Chapter 26.4.1 in the RACF System Programmers Guide http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ICHZA230/CCONTENTS?SHELF=EZ2ZO107&DN=SA22-7681-03&DT=20020628120605

Below is a description of how-to on the RACF variables snipped out of the RACF macros and Interface Manual:

----------------------------------------------------------------------------------------------------------------------------
The REXX RACVAR function is a RACF service for REXX execs; it provides information about the running user.

The REXX RACVAR function has four arguments. It provides information about:


USERID
The user ID that is in the ACEE

GROUP
The group name that is in the ACEE

SECLABEL
The seclabel that is in the ACEE

ACEESTAT
The status of the ACEE. The function returns NO ACEE, DEFAULT, DEFINED, or UNDEFINED


Below is a sample REXX exec that uses RACVAR to check the USERID, GROUP, and SECLABEL in the user's ACEE.

/* rexx */
say "Current ACEE status is " racvar('ACEESTAT') "."
if racvar('ACEESTAT') = 'NO ACEE' then
  do
    say ' You have no ACEE defined'
  end
else
  do
    say "Your user ID is " racvar('USERID') "."
    say "You are connected to group " racvar('GROUP')"."
    current_seclabel = racvar('SECLABEL')
    if current_seclabel = ' ' then
      do
        say ' You have no SECLABEL defined'
      end
    else
      do
        say "Your SECLABEL is " current_seclabel"."
      end
  end
return


To execute the REXX RACVAR function, your REXX parameter module must contain an entry for RACF's IRREFPCK directory package which, in turn, supports the RACVAR function. For descriptions on REXX parameter modules and updating and integrating them, see the z/OS TSO/E REXX Reference in the sections that describe Programming Services, Function Packages, and function directories.
---------------------------------------------------------------------------------------------------------------------------

George Fogg
Boeing Co. Shared Services Group
z/OS Delivery Systems
MS: 7J-09 PH: 425.957.5574
email: george...@boeing.com

