IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

How to Get RACF ID and RACF Name in CICS Screen?


IBM Mainframe Forums -> CICS
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
sreejeshcs

New User


Joined: 28 May 2007
Posts: 31
Location: Pune

PostPosted: Fri Dec 06, 2013 3:02 pm
Reply with quote

Hi,

I have a requirement to validate RACF ID and if valid I have to populate RACF NAME.

How can I validate the RACF USER ID and to populate name?

Thanks
Sreejesh
Back to top
View user's profile Send private message
Bill O'Boyle

CICS Moderator


Joined: 14 Jan 2008
Posts: 2501
Location: Atlanta, Georgia, USA

PostPosted: Fri Dec 06, 2013 3:25 pm
Reply with quote

Review the ASSIGN USERID API.
Back to top
View user's profile Send private message
sreejeshcs

New User


Joined: 28 May 2007
Posts: 31
Location: Pune

PostPosted: Fri Dec 06, 2013 3:32 pm
Reply with quote

"ASSIGN USERID " will give for the USER who is using the Screen right? If I am using the inline screen I will enter RACFUSER ID of another Person and that RACF ID and name need to be validated.
Back to top
View user's profile Send private message
Bill O'Boyle

CICS Moderator


Joined: 14 Jan 2008
Posts: 2501
Location: Atlanta, Georgia, USA

PostPosted: Fri Dec 06, 2013 3:50 pm
Reply with quote

Yes, the ASSIGN USERID API will return the 8-Byte Userid associated with the person who signed-on to this screen/terminal. The USERNAME (25-Bytes) is the Username associated with this Userid. It can be obtained via the ASSIGN USERNAME API.

Normally, disclosure of USERID and USERNAME are kept secure by ESM (External Security Manager) personnel (IE: RACF) whose secrecy is usually advocated by management, as another User could violate their usage, privileges and access authority.

Management may not approve of this, so tread lightly.
Back to top
View user's profile Send private message
sreejeshcs

New User


Joined: 28 May 2007
Posts: 31
Location: Pune

PostPosted: Mon Dec 09, 2013 5:40 pm
Reply with quote

We need to use RACF ID to Assign access, Admin if the appication to enter RACFID and to validate. If valid user ID Populate the RACF user name. How this we can achive?

Can we pass RACFID to some command and to know RACF is valid and get the RACF name?
Back to top
View user's profile Send private message
Bill O'Boyle

CICS Moderator


Joined: 14 Jan 2008
Posts: 2501
Location: Atlanta, Georgia, USA

PostPosted: Mon Dec 09, 2013 6:43 pm
Reply with quote

If you know the target EIBTRMID of the given user, issue an INQUIRE TERMINAL API against it and it will return (amongst other values), the 8-Byte USERID and the 25-Byte USERNAME.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8696
Location: Dubuque, Iowa, USA

PostPosted: Mon Dec 09, 2013 6:50 pm
Reply with quote

Quote:
We need to use RACF ID to Assign access, Admin if the appication to enter RACFID and to validate. If valid user ID Populate the RACF user name. How this we can achive?
My first question is how would you have an INVALID user id?

Unless you are doing something unusual, the normal EXEC CICS INQUIRE function -- as you have been told several times already -- should provide you with what you want.

If the EXEC CICS INQUIRE function will not meet your needs -- for whatever reason -- contact your site support group and work with your RACF administrator. Security information is typically closely guarded at most sites and you do not want to violate site procedures in this area.
Back to top
View user's profile Send private message
sreejeshcs

New User


Joined: 28 May 2007
Posts: 31
Location: Pune

PostPosted: Wed Dec 11, 2013 5:06 pm
Reply with quote

Let me clarify What I am looking for. We are creating a new application on CICS, the users who can use the screen we need to control the acess using RACF ID.

We are planning to one USER Admin Screen, where Admin can enter RACFID and if the RACF ID is valid one auto-populate the RACF name. I am looking a functionality to achive this one.
Back to top
View user's profile Send private message
Robert Sample

Global Moderator


Joined: 06 Jun 2008
Posts: 8696
Location: Dubuque, Iowa, USA

PostPosted: Wed Dec 11, 2013 5:55 pm
Reply with quote

CONTACT YOUR SITE SUPPORT GROUP. They can assist you in determining whether or not what you want is available (through the RACF interface or by other means) and if not what you can get. There is no reason to keep badgering us on this forum -- we do not work at your site, we do not know your site standards and procedures, and we do not know your application.

CONTACT YOUR SITE SUPPORT GROUP!
Back to top
View user's profile Send private message
Bill O'Boyle

CICS Moderator


Joined: 14 Jan 2008
Posts: 2501
Location: Atlanta, Georgia, USA

PostPosted: Wed Dec 11, 2013 6:07 pm
Reply with quote

I think we've beaten this horse into submission.

The only suggestion remaining is to review the CICS/RACF Security Guide and consult with your Site Support Group (as has been suggested). Here's the link to the TS/4.1 version -

publib.boulder.ibm.com/cgi-bin/bookmgr/download/DFHT5D02.pdf?DT=20110727091726&XKS=dfhbsj03

Resource Security needs to be secure and taken seriously and this is why we're urging you to seek assistance from within your organisation.
Back to top
View user's profile Send private message
Rohit Umarjikar

Global Moderator


Joined: 21 Sep 2010
Posts: 3048
Location: NYC,USA

PostPosted: Fri Dec 13, 2013 5:25 am
Reply with quote

Quote:
We are creating a new application on CICS, the users who can use the screen we need to control the acess using RACF ID.


1)You can create indexed file add all the user ids and names to which you would like to give access.
Quote:
We are planning to one USER Admin Screen, where Admin can enter RACFID and if the RACF ID is valid one auto-populate the RACF name. I am looking a functionality to achive this one.

2)As mentioned by the experts use ASSIGN USERID at the start of your program, now cross check this userida gainst the indexed file(USERID must be key) ano now,
a)If found then user has a access to this admin screen and get the user name from the same file and send to screen b)If not found thn send a message saying no access to admin screen
3) Control the access to the admin screen by adding or removing the USER ID's from the Indexed file.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> CICS

 


Similar Topics
Topic Forum Replies
No new posts RACF - Rebuild SETROPTS command which... All Other Mainframe Topics 3
No new posts Using API Gateway from CICS program CICS 0
No new posts Calling an Open C library function in... CICS 1
No new posts How to 'Ping' a CICS region in JCL CICS 2
No new posts Parallelization in CICS to reduce res... CICS 4
Search our Forums:

Back to Top