zSecure CARLa Fundamentals

This zSecure course provides essential CARLa skills for all organisations using IBM's zSecure. This is a hands-on class in which attendees will write various CARLa programs, enabling them to gain a full understanding of the CARLa programming language.

This course is also available for exclusive one-company presentations live over the Internet via RSM's Virtual Classroom Environment service.

Please note that the class scheduled to run 6-8 September will start each day at 10:00 Eastern Time (i.e. GMT+5).

Virtual Classroom Environment dates - click to book!

UK Start Times

2 April 2024 15 July 2024 11 September 2024

What is a 'Virtual Classroom Environment'?


What do I need?

  • webcam
  • headphones with microphone
  • sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

  • write a CARLa program listing RACF user and group profiles based upon your selection criteria
  • create and run CARLa queries to list those RACF dataset and general resource profiles not available with zSecure predefined reporting functions
  • produce a CARLa program, which generates RACF commands based upon various selection criteria
  • run CARLa in batch
  • produce reports from SMF data.

Who Should Attend

The course is suitable for RACF Administrators who will use zSecure for creating reports and performing RACF administration.


Attendees should have thorough working knowledge of RACF & zSecure or have attended the RSM courses RACF Administration and Auditing and zSecure Basic Admin & Reporting.


3 days

Fee (per attendee)

£2350 (ex VAT)


This includes free online 24/7 access to course notes.


Hard copy course notes are available on request from rsmshop@rsm.co.uk

at £50.00 plus carriage per set.

Course Code



Introduction and the CARLa Interface

Introduction to the CARLa language; how the CARLa programming language is embedded in the zSecure ISPF interface.
Introduction to the CARLa language; how the CARLa programming language is embedded in the zSecure ISPF interface.


The SELECT statement - information overview; Select profiles by class and by segment; SELECT specific profiles; SELECT profiles using: attributes, the MASK keyword, other filters, the MATCH option; Listing selected profiles in the RACF search order; SELECT profiles by using: BESTMATCH option, any profile field, SCAN option, substring in text field, comparison, repeat groups; Multiple conditions; Implicit AND; Explicit OR; Parentheses; Implicit OR; EXCLUDE statement; Exclude by using NOT keyword in SELECT; SELECT statement: Instdata examples; Selecting by repeat group fields examples; Displaying and formatting; Showing information; SORTLIST statement; LIST statement; LIST statement restriction; Field formats; Field output modifiers; Repeat group output modifiers; Using output modifiers example; CARLa-composed fields; Printing literals; Printing literals: Quotation marks; Suppressing automatically inserted spaces; User-defined fields; Introducing your own variables; Simple redefinitions; DEFINE: BOOLEANs.
In this segment you will learn further details regarding the CARLa SELECT and SORTLIST statements.

Frequently Used CARLa Functions

Repeat groups; User profile repeat groups; Group profile repeat groups; Resource profile repeat groups; Resource profile listing; SUBSELECT; Defining a SUBSELECT variable; ACL exploded format; Conditional program access; Specific conditional program access; ACL and Connects field names; Groups with UNIVERSAL attribute; Blank lines; Suppressing blank lines; ACL output modifiers: ACLID; ACL output modifiers: ACLACCESS; DISPLAY keyword; DISPLAY; Second-level display; Disallowing RACF command generation; Dissallowing the use of line commands on second-level display; Additional CARLa functions; RACF information LOOKUP; Indirect reference; Base fields; Most frequently used fields; Explicit; SELECT statement; Implicit; SUBSTR function; WORD function; PARSE functions; EXISTS function; MISSING function.
Working with repeat groups; the use of the DISPLAY keyword; other popular CARLa functions such as: LOOKUP, SUBSTR, WORD, PARSE, EXISTS, and MISSING.


Options and keywords that can be used with the NEWLIST and SUMMARY statements.
Options and keywords that can be used with the NEWLIST and SUMMARY statements.

Advanced CARLa Functions

NEWLIST keyword; Profiles linked; Results of omitting NEWLIST; Frequently used options; Multiple NEWLIST statements; Merging multiple NEWLIST statements; MERGELIST: Example; LIKELIST keyword; BUNDLE; Normal sequence; Adjusted report sequence; Sample output; SUMMARY keyword; SUMMARY; Adding statistical variables; SUMMARY ; SUMMARY with MIN and MAX statistics; SUMMARY with other statistics; Multiple-level SUMMARY; SUMCOUNT; Sorting in descending order; Applying a threshold; No propagation; RACF command generation; Output redirection: FILE=filename; FILE=CKRCMD; NOPAGE keyword; $ACL format; $CONNECT format RETAIN keyword; Changing the owner of group profiles; Changing UACC of general resource profiles.
Some of the more advanced CARLa functions explained in detail.

SMF Reporting via CARLa

SMF reporting; SMF records; RACF events; RACF authority; RACF reason; SMF reporting; RECORDDESC field; RACF commands issued; RACF commands: Output modifiers; RACFCMD field names; SMF resource access records; RACFAUTH field: Example; RACF commands that administrators issue; Reporting user profile changes; Reporting permissions; General SMF log event reporting; Summarising events by record type; Summarising events for all active users; Reporting access events, filtered by user ID; Reporting of events by date and time; Reporting dataset access events; Operations usage summary report; Operations resource access summary report.
How CARLa can be used to process SMF records for generating audit & monitoring reports.

Other Supported CARLa NEWLIST Types & Functions

Introduction to additional CARLa NEWLIST types; Report trusted users; Report access matrix; Sensitive dataset names; Sensitive dataset names report; Customised class descriptor table overview; Reporting system-wide RACF options; NEWLIST type: RACF_ACCESS; NEWLIST type: RACF_ACCESS simulate; NEWLIST type: RACF_ACCESS simulate resource; RACF_ACCESS: No-merge example; RACF_ACCESS: Merge example; Two-pass CARLa: Re-verification > UPDATE access; Scope Report: Permissions only; Scope report: All accesses; Scope report: Customised content and layout; zSecure users' forum.

CARLa in Batch

Using external files and email; External (installation defined) files; JCL; Output; Two-step CARLa program; Second step of two-step CARLa program; Two-step CARLa program output; Report distribution by email; Email options; Matching variable email addresses; Email job SDSF output; Automating command generation using CARLa; Two-pass CARLa in batch; Second pass of two-pass CARLA in batch; Generating USS commands in batch; Generating USS commands: second step; Generating a WTO or XML-formatted output; Generating a WTO: Testing; Production; System log example of generated WTO message; XML: Some definitions; Generating XML: Output destinations; XML-pertinent CARLa keywords; XML CARLa restrictions; CARLa functions not supported by XML; XML examples; XML example: Output in default browser (read-only); XML example: Output in MS Excel; XML example: Multiple reports; XML multiple reports output with hyperlinks; XML and email example; XML and email example: Output in email; XML example: Opening an attachment by using MS Excel.
How certain reports or activities are better automated by using CARLa in batch jobs.

What the students say

IT Security Engineer

Danske Bank A/S

© RSM Technology 2022