Hi, I don't think you should do extra checking.
If the user is a member of a group and is not explicitly defined to access a specific profile, but the group he belongs is allowed to access it, then RACROUTE should succeed. Best Regards Ituriel do Nascimento Neto z/OS System Programmer Em quinta-feira, 23 de junho de 2022 12:55:44 BRT, esst...@juno.com <esst...@juno.com> escreveu: Hello, . I'm not a RACF person. . I'm developing two routines to check a userids authority to access a resource in a RACF Facility Class. . One routine issues RACROUTE REQUEST=FATSAUTH, and the other issues RACROUTE REQUEST=AUTH. Both requests work well when checking for an individual user. . The User Id may or may not be part of a Group that has access to a Facility Class Resource. .. How should both functions approach this, without knowing if the user belongs to a RACF group ? Should I examine the ACEE First, to see if the User Id is part of a Group ? Do I need to issue two RAROUTE calls in each routine one for a single userid and a second for the userids group ? Can I issue the RACROUTE for a single user regardless if the user id belongs to a group or not ? . I would prefer to issue a single RACROUTE call in each routine. . I need help understanding this. . What is the recommended approach ? . paul. .. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN