How can you find out what ROLES a user on ACF2 has?

Document ID:  TEC1003734
Last Modified Date:  07/11/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA ACF2 for z/OS

Components

  • CA ACF2 for z/OS:ACF2MS
Introduction:

Cross-reference role group (X-ROL) records give you the ability to implement role based security at your site. You can assign users to roles and assign accesses based on those roles. Roles can also be grouped into Role Groups. Both Roles and Role Groups can be specified in data set and resource rules.

Question:

How can you find out what ROLES a user on ACF2 has?

Answer:

The ROLES subcommand lists the active roles for the specified logonid based on the active X(ROL) XREF structure in storage. The syntax of the ROLES subcommand is as follows:

ROLES *|logonid

You can issue the ROLES subcommand under any setting of the ACF command. ROLES logonid lists the active roles for the specified logonid. When you say ROLES * under the ACF or LID setting, it will list the roles for the active Logonid - the logonid that was last listed, changed or inserted. If there is no active logonid, then ROLES * will list your roles.

Since X(ROL) records can contain masked logonids, the ROLES command does not check if the logonid you specified actually exists. Therefore, it is possible to list roles for a logonid you have not yet inserted.

Example:

ACF                                       
ROLES USER01A                              
 ROLES FOR USER01A                         
   AROLC     AROLD     AROLE     ZROLC
   ZROLD     ZROLE     AROLB     ZROLB
   AROLA     ZROLA                     

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >