Michael,

Your assumption is essentially correct. Depending on what you are attempting
to do within SDSF, RACF will make authorization calls to the SDSF, JESSPOOL,
WRITER, and/or OPERCMDS classes. It only makes these calls if the
corresponding class is active, and in the case of OPERCMDS also RACLISTed.
(The other classes can be optionally RACLISTed.) If RACF sends back a return
code of 0 (authorized) or 8 (not authorized), SDSF grants or denies the
access based on this. If RACF sends back a 4 (not protected), SDSF reverts
to ISFPARMs.

Regards, Bob

Robert S. Hansel
RACF Specialist
RSH Consulting, Inc.
www.rshconsulting.com
617-969-8211

-----Original Message-----
Date:    Fri, 16 Mar 2007 07:11:15 -0500
From:    Michael Babcock <[EMAIL PROTECTED]>
Subject: SDSF and External Security

Sorry for the bad formatting.  Hope this is better.

What's the best way to tell if SDSF is using external security?  We have
some LPARs that have the SDSF class active, but few profiles.  SDSF's
ISFPARMS don't appear to be using external security.  Is there a way to
tell definitively?  Or will SDSF use a combination?

I would assume it would use external security for those profiles that
are defined, but revert to ISFPARMs if no profile was defined. Am I correct?

For example, one LPAR has the SDSF class active (but not RACLISTed).
These are the profiles defined in the SDSF class (and there is no catchall).

(snip)

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
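The rule in the reply above can be checked against a system's class settings. The following is an added example, not part of the original thread and not IBM or RSH code: it parses the text of a RACF `SETROPTS LIST` display and applies the conditions Bob describes. The sample text is constructed and abbreviated, the `HEADING = values` layout with indented continuation lines is an assumption about that display, and the function names are hypothetical.

```python
import re

SDSF_CLASSES = ("SDSF", "JESSPOOL", "WRITER", "OPERCMDS")
HEADING = re.compile(r"^\s*([A-Z][A-Z .()-]*?)\s*=\s*(.*)$")

# Constructed, abbreviated SETROPTS LIST excerpt (not from a real system).
SAMPLE = """\
ACTIVE CLASSES = DATASET USER GROUP FACILITY JESSPOOL OPERCMDS SDSF
                 TSOPROC
GENERIC PROFILE CLASSES = DATASET SDSF
SETR RACLIST CLASSES = FACILITY JESSPOOL
"""

def class_lists(text):
    """Map each 'HEADING = values' entry to a set, folding continuation lines."""
    lists, current = {}, None
    for line in text.splitlines():
        m = HEADING.match(line)
        if m:
            current = m.group(1)
            lists[current] = set(m.group(2).split())
        elif current and line.strip():
            lists[current].update(line.split())  # wrapped class names
    for values in lists.values():
        values.discard("NONE")  # "NONE" marks an empty list
    return lists

def consulted(lists):
    """A class is called only if active; OPERCMDS must also be RACLISTed."""
    active = lists.get("ACTIVE CLASSES", set())
    raclisted = lists.get("SETR RACLIST CLASSES", set())
    return {c: c in active and (c != "OPERCMDS" or c in raclisted)
            for c in SDSF_CLASSES}

def decision(cls, racf_rc, lists):
    """Who decides a request, given the RACF return code for that class."""
    # Assumption: when no RACF call is made, ISFPARMS decides, as for RC 4.
    if not consulted(lists)[cls] or racf_rc == 4:
        return "ISFPARMS"
    if racf_rc == 0:
        return "RACF: authorized"
    if racf_rc == 8:
        return "RACF: not authorized"
    raise ValueError(f"unexpected RACF return code {racf_rc}")

if __name__ == "__main__":
    lists = class_lists(SAMPLE)
    print(consulted(lists), decision("SDSF", 4, lists))
```

In the constructed sample, OPERCMDS is active but not RACLISTed, so it is reported as not consulted, and an SDSF-class request with no covering profile (return code 4) falls back to ISFPARMS.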
