Re: ACF2/RACF User Appliation Logical Access

Fri, 06 Jan 2012 09:21:49 -0800 

Based on my past experiences with ACF2, I believe that ACF2 acts as if 
each rule line contains, in RACF terms, as asterisk after the last 
character.  For example, if there are the following resources protected:

APPL
APPL1
APPL2
APPX

Under RACF, access to APPL would only allow access to that resource. 
However (as I said this is based on old data, and may be incorrect) ACF2 
would treat the resource as if it was specified as APPL*, so access to 
APPL would allow access to APPL1 and APPL2 as well as APPL. 
If this is incorrect I would welcome being corrected.
===============================================
Wayne Driscoll
OMEGAMON DB2 L3 Support/Development
wdrisco(AT)us.ibm.com
===============================================



From:
"Shmuel Metz (Seymour J.)" <shmuel+ibm-m...@patriot.net>
To:
IBM-MAIN@bama.ua.edu
Date:
01/06/2012 10:07 AM
Subject:
Re: ACF2/RACF User Appliation Logical Access
Sent by:
IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu>



In
<04b3da7b71b3ab408ca62ba6046bcf8f23d673a...@gvw0676exc.americas.hpqcorp.net>,
on 01/05/2012
   at 11:49 PM, "Henke, George" <george.he...@hp.com> said:

>Does anyone know how ACF2 validates a users access to specific
>applications?

Not without knowing how the installation has defined each.

>Recently we tried to migrate from ACF2 to RACF and were forced to
>fallback because ACF2 was somehow *wildcarding* a user's access to
>applications whereas RACF was iterating through a list of
>applications.

What are you trying to say?
 
-- 
     Shmuel (Seymour J.) Metz, SysProg and JOAT
     ISO position; see <http://patriot.net/~shmuel/resume/brief.html> 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN




----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN

Reply via email to