I'm trying again just in case, but I've experienced the same problem signing up for RACF-L that I've complained about here for IBM-Main: I never get the confirmation email. BTW I do not have that problem with ISPF-L or TSO-REXX.
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Walt Farrell Sent: Thursday, May 25, 2017 11:57 AM To: [email protected] Subject: (External):Re: RACF Question On Thu, 25 May 2017 12:14:46 -0400, scott Ford <[email protected]> wrote: >In reading through the RACF manual I have a question about STC definitions. >We have a STC that is doing RACF provisioning. The question is if I >change the below RDEFINE from TRUSTED(YES) to TRUSTED(NO) will still >be able to issue RACF commands ..we pass them through the RACF callable >service R_admin and we have an id with the appropriate authority. > >RDEFINE STARTED racfidname.* STDATA(USER(racfidname) - > GROUP(secure-grp) TRUSTED(YES) PRIVILEGED(NO) TRACE(NO)) - > UACC(NONE) AUDIT(FAILURES(READ)) TRUSTED does not let you issue RACF commands. It lets you get access to resources when they are checked by RACROUTE REQUEST=AUTH. Issuing commands requires SPECIAL or other authorities listed in the RACF Command Language Reference. However, when issuing commands via R_admin you need access to additional R_admin-specific resources. Having TRUSTED will let that additional security checking succeed, so if you remove TRUSTED you will need to grant access to those additional resources documented with the R_admin callable service. (By the way, I strongly recommend asking RACF questions on the RACF-L mailing list, not IBM-MAIN. You'll find more RACF experts there.) -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
