CARLa Finding permits same as UACC-Answers

Suggested CARLa program samples - Report permissions equal to UACC

Suggested CARLa program sample - Generate permit delete commands for permits equal to UACC for general resources

Notes regarding the CARLa code previously shown.

The PRINT keyword is used to specify some settings that apply to all NEWLIST statements in the entire CARLa program.
The RETAIN keyword is used to repeat fields that are not part of a repeat group, but are required multiple times. For example, when an ACL contains multiple entries that are obsolete. In that case, you want to repeat the profile and class names in all RACF commands that your CARLa program generates. The use of RETAIN on the PRINT keyword, however, is not supported.
The DEFINE statement is used to select only ACL entries with a specific permitted access level. It must match the UACC level that is filtered in the accompanying SELECT statement.
The output modifier RESOLVE is used on the DEFINE #STRIPACL statement to show the user IDs connected to the permitted groups.
The output modifier $ACL is used on the DEFINE #STRIPACL to automatically generate the trailing part of a PERMIT command. It automatically includes the permitted user ID or group, the access level, and if applicable the condition (for conditional permits).
When the RACF commands are generated in zSecure work data set CKRCMD, you discover that these commands contain an access(<access level>)”. In principle, specifying an access level is not required for a PERMIT DELETE command, but it does not fail the command. When executing these PERMIT DELETE commands this access keyword is automatically ignored by RACF.
After you inspected the generated commands and removed the PERMITs that you want to keep, press F3 to access the RESULTS panel. You could run these commands now to clean up your RACF database by issuing line-command “R”.

Continue with Finding accessible resources

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.