Thanks for the help.
----- Original Message -----
From: "John Laubenheimer" <[EMAIL PROTECTED]>
Newsgroups: bit.listserv.ibm-main
To: <[email protected]>
Sent: Tuesday, May 20, 2008 1:27 PM
Subject: Re: Question on defining a profile to facility class in RACF
On Tue, 20 May 2008 13:14:05 -0500, David Day <[EMAIL PROTECTED]>
wrote:
rdef facility abc.addrspac.** uacc(none).
RACF does not gripe about this. Says everythingis fine,as far as I can
tell.
next I execute
setropts generic(facility) refresh
I then execute a PERMIT as follows:
permit abc.addrspac.dad* access(read) class(facility) id(dad)
And get the following:
ICH06004I ABC.ADDRSPAC.DAD* NOT DEFINED TO RACF
You created a profile abc.addrspac.** in the facility class; not
abc.addrspac.dad*. You need to issue your permit against abc.addrspac.**,
or create a profile abc.addrspac.dad* in the facility class.
In the absense of profile abc.addrspac.dad*, any RACHECK against this
profile
will resolve itself to profile abc.addrspac.**; this access list is what
is being
used. This access list may be more general that what you want.
(Eventually,
you might want to issue a RACHECK against a profile called
abc.addrspac.mom*, and have a different access list for this profile.)
So, you
just might want to create a more specific profile, and populate that
profile
with whatever access list you want.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
