[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: Number of qualifiers in a class
From:       Russell D Hardgrove <hardgrov () US ! IBM ! COM>
Date:       2014-02-19 16:34:25
Message-ID: OF0187DD1F.02E3EB71-ON85257C84.00523B4D-85257C84.005B0C51 () us ! ibm ! com
[Download RAW message or body]

Jan,   with the CDT  PROPERTIES (OTHER=)  for AIMS you simply cannot use a
DOT.



For classes that do allow them (OTHER=ANY) don't think of them as
qualifiers exactly as a DATASET is parsed.



For GENERAL Resources there is a <very> little used param (in CDT
definition)  called KEYQUAL.

If It is used (and is greater than 0)  then
a)   the 'dots' DO take on more meaning.
b)  Specifies the number of matching qualifiers RACF uses when loading
generic profile names to satisfy an authorization request if a discrete
profile does not exist for the resource. For example, if you specify two
for the class, all generic profile names whose two highest level
qualifiers match the two highest qualifiers of the entity name are loaded
into the user's storage when the user requests access to a resource.
c) generally not used if class is to be RACLISTED

This param DOES NOT apply to AIMS.


.
--------------------------------------------------
Russ Hardgrove / RACF Lvl2
IBM - z/OS  Software Service
Dept. EC8A  (working remotely)
Poughkeepsie, NY  12601
hardgrov@us.ibm.com  845-435-3279 (a voicemail box only)
--------------------------------------------------
"RACF: Guilty, until proven innocent !!"    RdH 2004
"RACF, praesumitur malus donec probetur bonus"    RdH     MMX
<< Continually proving this (innocence) is not just a JOB, it's an
-ADVENTURE-   :-b  .. >>
...



From:   jan de decker <jan.jedsp@GMAIL.COM>
To:     RACF-L@listserv.uga.edu,
Date:   02/19/2014 09:39 AM
Subject:        Number of qualifiers in a class
Sent by:        RACF Discussion List <RACF-L@listserv.uga.edu>



Hi list,


I have the following problem:

How can I know the number of qualifiers I can use in a class.

E.g.

RDEFINE AIMS A.B UACC(NONE) OWNER(JAN)

fails with IKJ56702I

I found nothing in the manuals.

Macro's & Interfaces IBM supplied CDT entries only says OTHER=ALPHANUM

Can I base my program on that?


Thx in advance


j@n
[prev in list] [next in list] [prev in thread] [next in thread]