On Wed, 13 May 2009 03:54:27 -0500, Joe Owens <[email protected]> wrote:
>At the same time as doing a FASTAUTH request, I'm trying to determine the >profile that matched the request, which might come from the main class, or >MEMBER entries of the grouping class. > >The manual says that RACF work area word 14 points to the instorage profile >(RACRPE) that was used, but there is nothing in that area to indicate the >profile name that matched (or the GMEMBER, if the match came from the >grouping class). > >http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ichzc680/3.27? >SHELF=EZ2ZO10K&DT=20070428002442 > >I can use EXTRACT with MATCHGN=YES to find which generic profile matches, >but I don't think this takes into account grouping class matches. In the most general case you can not determine "the" profile name because there is none. The in-storage profile data will have resulted from a merging operation among several grouping profiles and possibly a member profile, too. Even if the in-storage profile data resulted from a single grouping or member profile, with no merging, RACF provides no way for you to determine the actual profile the in-storage data came from. You can at most determine the member name (which might be in the member class, or in some grouping class profile), not the actual profile name. And, as noted above, if merging occurred there really isn't "a" profile. Why do you need this? [By the way, RACF-L is better for RACF questions than IBM-MAIN.] -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
