/* RACFEXPL - Export RACF network (VMLAN) security settings */ /* Runs on the source system */ /* output - REXX exec to be run on new system */ CMDFILE='RACFIMPL EXEC A' /* erase output file if exists */ ADDRESS COMMAND 'ESTATE 'CMDFILE If RC = 0 Then 'Erase 'CMDFILE /* insert comment statement */ CMDCTR=1 CMDLST.CMDCTR='/* RACFIMPL - Run on the target z/VM System */' /* execute RACF SEARCH (SR) command for member of the VMLAN class */ /* and place the results in an array */ 'pipe', 'command EXEC RAC SR CLASS(VMLAN)', '| drop 1', '| stem VMLAN.' /* for each VMLAN resource found execute the RACF resource list (rl) */ /* command and extract the list of authorized users and the */ /* user's access level and place the results into an array */ Do v = 1 to VMLAN.0 /* Build an RDEF statement for each new resource */ CLASS='VMLAN' RES=VMLAN.v Call GetUACC CMDCTR=CMDCTR+1 CMDLST.CMDCTR="/* */" CMDCTR=CMDCTR+1 CMDLST.CMDCTR="/* VMLAN Resource: "RES" */" CMDCTR=CMDCTR+1 CMDLST.CMDCTR="/* */" CMDCTR=CMDCTR+1 CMDLST.CMDCTR="'RAC RDEFINE VMLAN "RES" OWNER("OWNER") UACC("UACC")'" 'pipe', 'command EXEC RAC RL VMLAN 'RES' all', '| frlabel USER | tolabel ID | drop 2 | drop last 1', '| specs words 1-2', '| stem usracc.' /* for each authorizd user build a RACF PERMIT (PE) command */ /* for the current resource */ Do a = 1 to usracc.0 parse var usracc.a uid acc . CMDCTR=CMDCTR+1 CMDLST.CMDCTR="'RAC PE "VMLAN.v" CLASS(VMLAN) ID("uid") ACC("acc")'" End End /* write the commands to the output file */ CMDLST.0=CMDCTR 'pipe stem CMDLST. | >> 'CMDFILE Say 'File 'cmdfile' has been created' Exit GetUACC: 'pipe command EXEC RAC RL 'CLASS' 'RES, '| drop 6', '| specs wordsep space words 2-3 1', '| split | strip leading | strip trailing | join / /', '| var RDEF' Parse var RDEF OWNER UACC Return