RLIST Clarification



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

RLIST Clarification

Postby jaggz » Wed Jul 11, 2012 11:56 am

Dear All,

I am trying to understand the access count for the profile IRR.LISTUSER but when I do
RLIST FACILITY IRR.LISTUSER
. I don't see the access count displayed though some of the RACF persons do have the access to List the user.

My objective to check is that I am trying to provide LISTGROUP and LISTUSER for a new RACF support person but he fails while listing the user belonging to other Default Group.

Commands Used :

PE IRR.RADMIN.LISTGROUP CL(FACILITY) ID(USER) ACC(READ)
SETR RACLIST(FACILITY) REFR
PE IRR.RADMIN CL(FACILITY) ID(USER) ACC(READ)
SETR RACLIST(FACILITY) REFR


Error message :
ICH30002I NOT AUTHORIZED TO LIST USER


Not sure where I am missing. Could anyone please shed some light on the above.

Jaggz
User avatar
jaggz
 
Posts: 356
Joined: Fri Jul 23, 2010 8:51 pm
Has thanked: 8 times
Been thanked: 5 times

Re: RLIST Clarification

Postby steve-myers » Wed Jul 11, 2012 9:57 pm

What's the point of a "RACF support person" that has LISTUSER and perhaps some other RACF list capabilities?

In any event, there is no such thing as IRR.RADMIN.LISTGROUP.

I suggest you read "Delegating the authority to list user information in only selected user profiles" in Security Server RACF Security Administrator's Guide for your z/OS release.
steve-myers
Global moderator
 
Posts: 2105
Joined: Thu Jun 03, 2010 6:21 pm
Has thanked: 4 times
Been thanked: 243 times


Return to Mainframe Security

 


  • Related topics
    Replies
    Views
    Last post