Lennie,

I know about not giving userids access to resources (see "Jump up and down:
Do not give userids access to resources!"
<https://colinpaice.blog/2025/05/25/jump-up-and-down-do-not-give-userids-access-to-resources/>).
I've been dealing with the zD&T system from IBM with resources like

   - FACILITY  BPX.CONSOLE  with access to IBMUSER, IZUSVR, CFZSRV, TCPIP, and
   - FACILITY  BPX.DAEMON  with 10 userids and no groups!

I wrote my program to extract the userid profiles for this environment.

Colin


On Thu, 5 Mar 2026 at 11:13, Lennie Bradshaw <[email protected]>
wrote:

> Colin,
>
> Most well-organised RACF shops will not allow RACF users in access lists.
> Access is manipulated using permits to groups and group connects to RACF
> users.
> That makes cloning a user far easier as for access purposes you identify
> the group connects.
>
> Lennie
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <[email protected]> On Behalf
> Of Colin Paice
> Sent: 05 March 2026 09:56
> To: [email protected]
> Subject: Re: Mainframe ID's
>
> I understand.
>
> I used my code to replicate a userid by running my program and changing
> COLIN to COLIN1 in the output.
> My program will not help if individual userids (rather than groups) have
> access to a resource; you have to look at every resource to find the id's
> access.
>
> Colin
>
> On Thu, 5 Mar 2026 at 08:35, ITschak Mugzach <
> [email protected]> wrote:
>
> > Colin,
> >
> > I think that Steve talked about copying a user, not just creating one.
> > In RACF it is a two-step task: first collect information from the name
> > utility and then look at which authority the user has on the resource.
> > Alternatively, use the unload utility.
> >
> > Itschak Mugzach | Director | SecuriTeam Software | IronSphere Platform |
> > Information Security Continuous Monitoring for Z/OS, zLinux and IBM I
> > Email: [email protected] | Mob: +972 522 986404 |
> > Skype: ItschakMugzach | Web: www.Securiteam.co.il
> >
> > On Thu, 5 Mar 2026 at 9:42, Colin Paice <[email protected]> wrote:
> >
> > > I have a program (under development) which recreates the RACF command
> > > used to create a user/dataset/resource profile.
> > > You pass parameters U COLIN
> > > It generates
> > > ADDUSER COLIN
> > >
> > > CONNECT COLIN   GROUP(IZUADMIN)  UACC(READ)  SPECIAL  AUDITOR  -
> > >     REVOKE(01/01/27)  -
> > >     RESUME(01/02/27)
> > > CONNECT COLIN   GROUP(IZUUSER)  UACC(NONE)
> > > CONNECT COLIN   GROUP(SYS1)  UACC(NONE)  -
> > >     REVOKE(01/01/27)  -
> > >     RESUME(01/02/27)
> > >
> > > ALTUSER -
> > >   COLIN -
> > >   OWNER (COLIN) -
> > >   NOADSP -
> > >   NOOPERATIONS -
> > >   NOGRPACC -
> > >   NAME ('CCPAICE') -
> > >   DFLTGRP (TEST) -
> > >   DATA ('COLIN''S WITH A QUOTE') -
> > >   NOAUDITOR -
> > >   CLAUTH (CSFSERV) -
> > >   NOREST -
> > >   NOROAUDIT -
> > >   WHEN( -
> > >     DAYS (SUNDAY -
> > >       MONDAY -
> > >       TUESDAY -
> > >       WEDNESDAY -
> > >       THURSDAY -
> > >       FRIDAY -
> > >       SATURDAY) -
> > >     TIME (ANYTIME))
> > > ALTUSER -
> > >   COLIN -
> > >   TSO (ACCTNUM ('ACCT#') -
> > >     COMMAND ('ex ''colin.zlogon.clist''') -
> > >     PROC (ISPFPROC) -
> > >     SIZE (2096128) -
> > >     MAXSIZE (2096128) -
> > >     USERDATA (0000) -
> > >     UNIT (3390))
> > > ALTUSER -
> > >   COLIN -
> > >   OMVS (UID (990021) -
> > >     HOME ('/u/tmp/zowet/colin') -
> > >     PROGRAM ('/u/zopen/usr/local/bin/bash') -
> > >     MMAPAREAMAX (16777216) -
> > >     SHMEMMAX (300M))
> > >
> > >
> > > Is this what you are after ?
> > >
> > > Colin
> > >
> > >
> > > On Wed, 4 Mar 2026 at 20:35, Steve Beaver <
> > > [email protected]> wrote:
> > >
> > > > We have all struggled with replicating a TSO id without something
> > > > like VRA or zSecure
> > > >
> > > > I'm learning more about TSS - it has a convenient command
> > > >
> > > >       TSS RENAME(acid) ACID(new acid)
> > > >
> > > > That works nicely.  The only thing you really need to do is DEFINE
> > > > an ALIAS and rename the datasets provided there are not a billion
> > > > of them
> > > >
> > > > ----------------------------------------------------------------------
> > > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > > send email to [email protected] with the message: INFO IBM-MAIN
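
The two-step task discussed in the thread (collect a user's group connects, then look at every resource for permits made to the userid itself) can be run over output from the RACF database unload utility, IRRDBU00. This is an added example, not code from any poster in the thread; the column positions, the DEMO.RESOURCE profile and all sample records are assumptions constructed for illustration.

```python
# 1-based inclusive columns per IRRDBU00 record type. Assumption: taken from
# IBM's documented unload layouts; confirm against your z/OS release.
LAYOUT = {
    "0200": {"user": (6, 13)},                     # user basic data
    "0205": {"user": (6, 13), "group": (15, 22)},  # user connect data
    "0505": {"profile": (6, 251), "class": (253, 260),   # general resource
             "id": (262, 269), "access": (271, 278)},    # access-list entry
}

def parse(line):
    """Return (record_type, fields), or None for record types not used here."""
    spec = LAYOUT.get(line[:4])
    if spec is None:
        return None
    return line[:4], {k: line[a - 1:b].strip() for k, (a, b) in spec.items()}

def audit(lines):
    """Return (permits whose ID is a userid, {userid: set of connect groups})."""
    users, connects, permits = set(), {}, []
    for rtype, f in filter(None, map(parse, lines)):
        if rtype == "0200":
            users.add(f["user"])
        elif rtype == "0205":
            connects.setdefault(f["user"], set()).add(f["group"])
        else:
            permits.append(f)
    # Classify after the full pass so record order in the unload does not matter.
    return [p for p in permits if p["id"] in users], connects

def _rec(rtype, *cols):
    """Build one constructed fixed-width record from (start_column, text) pairs."""
    buf = list(rtype.ljust(284))
    for start, text in cols:
        buf[start - 1:start - 1 + len(text)] = text
    return "".join(buf)

# Constructed sample, not a real unload; DEMO.RESOURCE is a made-up profile.
SAMPLE = [_rec("0200", (6, u)) for u in ("IBMUSER", "TCPIP", "COLIN")] + [
    _rec("0205", (6, "COLIN"), (15, "IZUADMIN")),
    _rec("0205", (6, "COLIN"), (15, "SYS1")),
    _rec("0505", (6, "BPX.CONSOLE"), (253, "FACILITY"), (262, "IBMUSER"), (271, "READ")),
    _rec("0505", (6, "BPX.CONSOLE"), (253, "FACILITY"), (262, "TCPIP"), (271, "READ")),
    _rec("0505", (6, "DEMO.RESOURCE"), (253, "FACILITY"), (262, "IZUADMIN"), (271, "READ")),
]

if __name__ == "__main__":
    direct, connects = audit(SAMPLE)
    for p in direct:
        print(f'{p["class"]} {p["profile"]}: userid {p["id"]} has {p["access"]}')
    print("COLIN connects:", sorted(connects["COLIN"]))
```

Each entry in the first result is an access-list line that would have to be repeated by hand when cloning that userid; an empty list means the connects alone describe the user's access to general resources.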