Based on my past experiences with ACF2, I believe that ACF2 acts as if each rule line contains, in RACF terms, as asterisk after the last character. For example, if there are the following resources protected:
APPL APPL1 APPL2 APPX Under RACF, access to APPL would only allow access to that resource. However (as I said this is based on old data, and may be incorrect) ACF2 would treat the resource as if it was specified as APPL*, so access to APPL would allow access to APPL1 and APPL2 as well as APPL. If this is incorrect I would welcome being corrected. =============================================== Wayne Driscoll OMEGAMON DB2 L3 Support/Development wdrisco(AT)us.ibm.com =============================================== From: "Shmuel Metz (Seymour J.)" <shmuel+ibm-m...@patriot.net> To: IBM-MAIN@bama.ua.edu Date: 01/06/2012 10:07 AM Subject: Re: ACF2/RACF User Appliation Logical Access Sent by: IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> In <04b3da7b71b3ab408ca62ba6046bcf8f23d673a...@gvw0676exc.americas.hpqcorp.net>, on 01/05/2012 at 11:49 PM, "Henke, George" <george.he...@hp.com> said: >Does anyone know how ACF2 validates a users access to specific >applications? Not without knowing how the installation has defined each. >Recently we tried to migrate from ACF2 to RACF and were forced to >fallback because ACF2 was somehow *wildcarding* a user's access to >applications whereas RACF was iterating through a list of >applications. What are you trying to say? -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see <http://patriot.net/~shmuel/resume/brief.html> We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN