On Sat, 3 Nov 2018 15:00:01 -0500, Mike Cairns <[email protected]> wrote:
>Unfortunately the SEARCH command only applies to the user executing the
>command. Returning the profiles that *you*, the executing user, have access
>to. I think what Vignesh is asking for is a list of the profiles for a given
>user when asking the question as an administrator.
I think you're forgetting the USER(userID) paramater on SEARCH, Mike:
<quote from RACF Command Language Reference>
USER(userid)
Specifies that RACF is to list the profiles that the specified user has
access to (READ authority or higher, or owner) for the class you specify on the
CLASS operand. RACF lists only those profiles that the specified owner is
allowed to see.
</quote>
Nonetheless, I agree with you that using IRRDBU00 is a better approach, as
SEARCH does not tell you -what- access the user has, nor -why- he has it.
Generating a report based on IRRDBU00 output can tell you both of those, though
you do need to perform the additional processing to include accesses based on
the user's groups and UACC.
--
Walt
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
