Thanks, Jerry. Here's what I have for those profiles - imbedded - and I also have a backstop of IZUDFLT.** with UACC NONE and nobody in the user list.
-----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Edgington, Jerry Sent: Thursday, May 7, 2026 12:36 PM To: [email protected] Subject: [EXTERNAL] Re: zOSMF security question Rex, There are many RACF profiles for z/OSMF in ZMFAPLA. My guess is the last one. Jerry IZUDFLT.ZOSMF.WORKFLOW.ADMIN group not on access list IZUDFLT.ZOSMF.WORKFLOW.EDITOR group not on access list IZUDFLT.ZOSMF.WORKFLOW.RUNASUSER profile not defined IZUDFLT.ZOSMF.WORKFLOW.SIGNER profile not defined IZUDFLT.ZOSMF.WORKFLOW.WORKFLOWS group not on access list IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.ENWRP profile not defined IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.INSTALL group not on access list IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.MODIFY group not on access list IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.VIEW group not on access list -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Pommier, Rex Sent: Thursday, May 7, 2026 1:31 PM To: [email protected] Subject: [EXTERNAL] zOSMF security question Hey all, I have a question that's bugging me with z/OSMF security. Background is I have a development manager who wants to access z/OSMF for front-ending ISPF. I created a new z/OSMF group with limited access. I was able to successfully remove the group from accessing software management and some of the other z/OSMF functions. However I also want to remove them from being able to access workflows. I found the profile IZUDFLT.ZOSMF.WORKFLOW.WORKFLOWS in the ZMFAPLA class and verified their group isn't in the access list and it has a UACC of none but they can still get into that item. I specifically added the group to the access list with access level of NONE but they can still get in. I did the SETROPTS refresh of the ZMFAPLA class. Any idea what I'm missing? TIA Rex ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
