[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: Granting access with Alter authority
From:       Walter Farrell <wfarrell () US ! IBM ! COM>
Date:       2010-03-24 19:14:01
Message-ID: OF7B1AB7AF.A57A3D5C-ON852576F0.00695DC6-852576F0.0069A743 () us ! ibm ! com
[Download RAW message or body]

On Wednesday, 03/24/2010 at 03:02 AST, Bruce Gordon
<bgordon566@COMCAST.NET> wrote:
> Having alter authority to a RACF profile will allow you the ability to
> administer it.  What is the scope of this privilege, does it allow you
> to administer all resources within a generic profile, or does it work
only
> for discrete profiles. For example if you have alter to sys1.* can
> administer that profile or does it need to be a granular profile like
> sys1.brodcast?

Neither.  ALTER grants administrative privilege only for a discrete
profile.

"Granular profile" is not a well-defined term, and does not apply here.
Profiles are either discrete (ALTER gives administrative capability), or
generic (they have a (G) after their names when RACF lists them, and ALTER
does not give administrative capability).

--
        Walt
------------------------------
Walt Farrell, CISSP
IBM STSM, z/OS Security Design,
e-mail:  wfarrell@us.ibm.com
[prev in list] [next in list] [prev in thread] [next in thread]