Hello List.
Is there any way to know via Natural API for RACF, which CICS transaction a user have access to?
Saludos…
Hello Euridici,
Could you please provide a more detailed description of what you are trying to achieve. I tried to get an answer from someone who is familiar with RACF and Natural, he was asking for more information.
Kind regards,
Rolf
Hello Rolf.
I am using EntireX Security on the mainframe (os/390). EXS has a Natural interface to RACF that can provide me some information and also can verify user-id and password.
My question is, if I can use the same natural interface (NA2RES) in order to know what CICS transaction or what resources an user have access to on the mainframe.
I know that NA2RES talk with ‘RACROUTE’ and racroute can give me some info…
For example an user ‘AAAA’ only have access to ‘F100’ and ‘F200’ that are very legacy Cobol and Natural transaction already converted to the web using wrappers.
The user ?BBBB? only has access to ‘F300’ and ‘F400’ already converted to the web too.
The idea is to make a main web portal that authenticates and authorizes an user with RACF (Using EXS) and depending on the information that I can read from NA2RES I will show a page only with the application that the user have access to.
‘AAAA’ will see a page with links to F100 and F200 only .
‘BBBB’ will see a page with links to F300 and F400 only .
Regards …
Hello Euridici,
according to the “specialist” you can do that.
He mentioned that NA2RES does not exist (in Natural), it’s called NA2NRES. In an NSF environment it is called NSFNRES.
Kind regards,
Rolf
Ok. they are rigth is NA2NRES, I am making some test …
The subprogram ask me for a function and a Class field, and I don’t know exactly what function and class do I need to do that???..
This is an example that give me a list of users names…
DEFINE DATA
LOCAL USING NA2LEQU
LOCAL USING NA2ARES
END-DEFINE
#RES-FUNC = INDQRDN
#RES-CLAS = ‘USER’
#RES-PROF = ‘A’
#RES-FLDA(1) = ‘PGMRNAME’
*
REPEAT UNTIL #RES-RETC > 0
*
CALLNAT ‘NA2NRES’ NA2ARES
*
DISPLAY #RES-RETC #RES-SERR #RES-PROF #RES-DATA-A(0)
*
LOOP
END
I am trying to find the right function and class in an IBM RACF manual with no succes…
Regards…
I’m just forwarding the information I received:
The class has to be a defined RACF class, such as USER or GROUP or DATASET or any user-defined class such as ADASEC, NBKSAG and so on.
The valid functions are defined in the LDA NA2LEQU:
1 INDQRTV B 1 INIT<H’01’> /* SF: EXTRACT
1 INDQRDN B 1 INIT<H’02’> /* EXTRACTN
1 INDQUPD B 1 INIT<H’03’> /* EXTRACT U
1 INDQDEF B 1 INIT<H’04’> /* DEFINE
1 INDQDEL B 1 INIT<H’05’> /* DELETE
1 INDQCHK B 1 INIT<H’06’> /* AUTH
1 INDQDES B 1 INIT<H’07’> /* DES
1 INDQHSH B 1 INIT<H’08’> /* HASH
1 INDQINS B 1 INIT<H’09’> /* INSTALLAT
1 INDQSDE B 1 INIT<H’0A’> /* STD DES
1 INDQEXG B 1 INIT<H’0B’> /* EXTRACTN(
1 INDQPCH B 1 INIT<H’0C’> /* AUTH/PROX
So your example is extracting the field programmer name from the next user profile after ?A?.
two IBM links I found helpful to understand the fields being passed to NA2NRES:
http://publibfp.boulder.ibm.com/cgi-bin/bookmgr/BOOKS/ichmra01/B.1.5?SHELF=&DT=19950727111421&FS=FALSE
and
http://publibfp.boulder.ibm.com/cgi-bin/bookmgr/BOOKS/ichmra01/CCONTENTS
Be aware that requests to NA2NRES for resources outside those mentioned in the EXS documentation can cause EntireX Security gateway task to abend, so be sure to use a test environment! (And report any abends to support so they can reduce impact to other users!)
Douglas Kelly,
Principal Consultant
Software AG, Inc
Sacramento, California