Colin, Most well-organised RACF shops will not allow RACF users in access lists. Access is manipulated using permits to groups and group connects to RACF users. That makes cloning a user far easier as for access purposes you identify the group connects.
Lennie -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Colin Paice Sent: 05 March 2026 09:56 To: [email protected] Subject: Re: Mainframe ID's I understand. I used my code to replicate a userid by running my program and changing COLIN to COLIN1 in the output. My program will not help if individual userids (rather than groups) have access to a resource; you have to look at every resource to find the id's access. Colin On Thu, 5 Mar 2026 at 08:35, ITschak Mugzach < [email protected]> wrote: > Colin, > > I think that Steve talked about copying a user, not just create one. > In racf it is a two step task, first collect information from the name > utility and than look which authority the user have on the resource. > Alternatively usr the unload utility > > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere > Platform* *|* *Information Security Continuous Monitoring for Z/OS, > zLinux and IBM I **| * > > *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 > **|* > *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* > > > > > > בתאריך יום ה׳, 5 במרץ 2026 ב-9:42 מאת Colin Paice < > [email protected]>: > > > I have a program (under development) which recreates the RACF > > command > used > > to create a used/dataset/resource profile. > > You pass parameters U COLIN > > It generates > > ADDUSER COLIN > > > > CONNECT COLIN GROUP(IZUADMIN) UACC(READ) SPECIAL AUDITOR - > > REVOKE(01/01/27) - > > RESUME(01/02/27) > > CONNECT COLIN GROUP(IZUUSER) UACC(NONE) > > CONNECT COLIN GROUP(SYS1) UACC(NONE) - > > REVOKE(01/01/27) - > > RESUME(01/02/27) > > > > ALTUSER - > > COLIN - > > OWNER (COLIN) - > > NOADSP - > > NOOPERATIONS - > > NOGRPACC - > > NAME ('CCPAICE') - > > DFLTGRP (TEST) - > > DATA ('COLIN''S WITH A QUOTE') - > > NOAUDITOR - > > CLAUTH (CSFSERV) - > > NOREST - > > NOROAUDIT - > > WHEN( - > > DAYS (SUNDAY - > > MONDAY - > > TUESDAY - > > WEDNESDAY - > > THURSDAY - > > FRIDAY - > > SATURDAY) - > > TIME (ANYTIME)) > > ALTUSER - > > COLIN - > > TSO (ACCTNUM ('ACCT#') - > > COMMAND ('ex ''colin.zlogon.clist''') - > > PROC (ISPFPROC) - > > SIZE (2096128) - > > MAXSIZE (2096128) - > > USERDATA (0000) - > > UNIT (3390)) > > ALTUSER - > > COLIN - > > OMVS (UID (990021) - > > HOME ('/u/tmp/zowet/colin') - > > PROGRAM ('/u/zopen/usr/local/bin/bash') - > > MMAPAREAMAX (16777216) - > > SHMEMMAX (300M)) > > > > > > Is this what you are after ? > > > > Colin > > > > > > On Wed, 4 Mar 2026 at 20:35, Steve Beaver < > > [email protected]> wrote: > > > > > We have all struggled with replicating a TSO id without something > > > like > > VRA > > > or zSecure > > > > > > > > > > > > I'm learning more about TSS - it has a convent command > > > > > > > > > > > > TSS RENAME(acid) ACID(new acid) > > > > > > > > > > > > That works nicely. The only thing you really need to do is DEFINE > > > an > > ALIAS > > > and rename the datasets provided there are no a billion of them > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------ > > > ---- For IBM-MAIN subscribe / signoff / archive access > > > instructions, send email to [email protected] with the > > > message: INFO IBM-MAIN > > > > > > > -------------------------------------------------------------------- > > -- For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO > > IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
