On Mon, 4 Mar 2019 16:53:24 +0000, Jesse 1 Robinson <[email protected]> wrote:
>On two different RACF plexes, we have these two profiles in the SDSF class: > >ISFCMD.ODSP.* (G) >ISFCMD.ODSP.** (G) > >I'm confounded to explain the difference between one or two asterisks. Help? The two differences: (1) ISFCMD.ODSP.** will protect ISFCMD.ODSP, if that resource exists, bt ISFCMD.ODSP.* won't. (2) When both exist, ISFCMD.ODSP.* will (if I remember correctly) be found first by RACF, and will supercede any specifications in ISFCMD.ODSP.** if both profiles match the supplied resource name (but I may not remember correctly). I'm reasonably sure the RACF Security Administrators Guide discusses this, as I think I wrote that section of the book at some time. Ideally, if only to avoid confusing the security administrators and/or auditors, one of those profiles should be deleted. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
