Hi Paul,

No extra checking is needed.  You give RACF the userID and resource you want 
checked and it handles the rest.  RACF has a well-documented flowchart it goes 
through, where it checks the userID first and if that doesn't grant specific 
access, it moves to the groups the user is a member of and if nothing there, it 
checks the UACC of the resource.  No need to do separate checking.   The only 
thing you may want to verify is that you have "LIST OF GROUPS ACCESS CHECKING" 
active.  That is the option that tells RACF to check all the groups the user is 
in as opposed to just the current connect group.

Rex

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of 
esst...@juno.com
Sent: Thursday, June 23, 2022 10:53 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] How To Handle RACROUTE logic

Hello,

I'm not a RACF person.

I'm developing two routines to check a userid's authority to access a resource 
in a RACF Facility Class.

One routine issues RACROUTE REQUEST=FASTAUTH, and the other issues RACROUTE 
REQUEST=AUTH. 
Both requests work well when checking for an individual user.

The User Id may or may not be part of a Group that has access to a Facility 
Class Resource.

How should both functions approach this, without knowing if the user belongs to 
a RACF group?
Should I examine the ACEE first, to see if the User Id is part of a Group?
Do I need to issue two RACROUTE calls in each routine, one for a single userid 
and a second for the userid's group?
Can I issue the RACROUTE for a single user regardless if the user id belongs to 
a group or not?

I would prefer to issue a single RACROUTE call in each routine.

I need help understanding this.

What is the recommended approach?

paul.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
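
Added example, not part of the original thread and not RACF code: a simplified Python model of the check order described in the reply (user ID entry, then group entries, then UACC), showing why a single check suffices and what the list-of-groups option changes. The profile layout, the access-level ordering used for comparison, and all IDs and group names are constructed for illustration; real RACF processing has further steps this model leaves out.

```python
# Simplified model of the check order described in the reply above.
# Everything here (profile layout, IDs, groups) is constructed for
# illustration; it is not how RACF is implemented.
LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]


def rank(level):
    """Position of an access level in the ascending LEVELS order."""
    return LEVELS.index(level)


def granted_access(profile, user, connect_group, groups, grplist_active):
    """Return the access level this model resolves for `user`."""
    acl = profile["access_list"]
    # 1. An entry for the user ID itself is checked first.
    #    Model assumption: when such an entry exists, it decides.
    if user in acl:
        return acl[user]
    # 2. Group entries: every group the user is connected to when
    #    list-of-groups checking is active, otherwise only the
    #    current connect group. The highest level found is used.
    candidates = groups if grplist_active else [connect_group]
    hits = [acl[g] for g in candidates if g in acl]
    if hits:
        return max(hits, key=rank)
    # 3. No user or group entry matched: fall back to the UACC.
    return profile["uacc"]


def is_authorized(profile, requested, **who):
    """One call answers the question; the caller never inspects groups."""
    return rank(granted_access(profile, **who)) >= rank(requested)


# Constructed sample: a FACILITY-style profile that permits a group only.
PROFILE = {"uacc": "NONE",
           "access_list": {"OPSGRP": "READ", "USERB": "UPDATE"}}
USERA = dict(user="USERA", connect_group="DEVGRP",
             groups=["DEVGRP", "OPSGRP"])
USERB = dict(user="USERB", connect_group="DEVGRP", groups=["DEVGRP"])

if __name__ == "__main__":
    for flag in (True, False):
        ok = is_authorized(PROFILE, "READ", grplist_active=flag, **USERA)
        print(f"list-of-groups active={flag}: USERA READ allowed={ok}")
```

In the model, USERA gets READ through OPSGRP only while list-of-groups checking is active; with it off, only DEVGRP is consulted and the result falls through to the UACC.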
