[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: ICHRRCDE - RACLIST= AND RACLREQ=
From:       Walter Farrell <wfarrell () US ! IBM ! COM>
Date:       2008-03-31 21:29:34
Message-ID: OF77BB065D.D9B9C972-ON8525741D.0075AC00-8525741D.007610AF () us ! ibm ! com
[Download RAW message or body]

On Monday, 03/31/2008 at 03:12 AST, Nick Garigliano
<nick.garigliano@SENTRY.COM> wrote:
> Hello,
>
> For yucks I'm looking up the various options in the source for our
> installation defined CDT and comparing them to the System Prog guide
> (z/OS
> 1.7).  I see that the majority of the entries have
>
> RACLIST=DISALLOWED
> RACLREQ=NO
>
> set explicitly or are not defined at all.   According to the guide the
> defaults are DISALLOWED and NO.
>
> Reading the guide leads me to believe that a SETR RACLIST(CLASS) REFRESH
> should have no effect with these settings, yet from experience I know
> this is not the case.  What am I missing?

What you should understand from the doc for RACLIST=DISALLOWED is that
SETR RACLIST(classname)
will not work.

However, SETR RACLIST(classname) REFRESH
is a different case.  That one will work as long as either someone has
issued
SETR RACLIST(classname) (not possible in your case, of course) or an
application has issued
RACROUTE REQUEST=LIST,CLASS=classname,GLOBAL=YES

--
        Walt
------------------------------
Walt Farrell, CISSP
IBM STSM, z/OS Security Design,
e-mail:  wfarrell@us.ibm.com
[prev in list] [next in list] [prev in thread] [next in thread]