IBM Mainframe Forum

Mainframe Technical Support Forums
https://www.ibmmainframeforum.com/

RLIST Clarification

https://www.ibmmainframeforum.com/mainframe-security/topic7871.html

Page 1 of 1

RLIST Clarification

PostPosted: Wed Jul 11, 2012 11:56 am
by jaggz
Dear All,

I am trying to understand the access count for the profile IRR.LISTUSER but when I do
Select all
RLIST FACILITY IRR.LISTUSER
. I don't see the access count displayed though some of the RACF persons do have the access to List the user.

My objective to check is that I am trying to provide LISTGROUP and LISTUSER for a new RACF support person but he fails while listing the user belonging to other Default Group.

Commands Used :

Select all
PE IRR.RADMIN.LISTGROUP CL(FACILITY) ID(USER) ACC(READ)
SETR RACLIST(FACILITY) REFR
PE IRR.RADMIN CL(FACILITY) ID(USER) ACC(READ)
SETR RACLIST(FACILITY) REFR


Error message :
Select all
ICH30002I NOT AUTHORIZED TO LIST USER


Not sure where I am missing. Could anyone please shed some light on the above.

Jaggz

Re: RLIST Clarification

PostPosted: Wed Jul 11, 2012 9:57 pm
by steve-myers
What's the point of a "RACF support person" that has LISTUSER and perhaps some other RACF list capabilities?

In any event, there is no such thing as IRR.RADMIN.LISTGROUP.

I suggest you read "Delegating the authority to list user information in only selected user profiles" in Security Server RACF Security Administrator's Guide for your z/OS release.
All times are UTC + 5:30 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/