Is there an ACF2 equivalent/emulation to RACF RESTRICTED attribute?

Article ID: 113654

Updated On:

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

Is there an ACF2 equivalent/emulation to RACF RESTRICTED attribute?

Environment

Release:
Component: ACF2MS

Resolution

There are two ACF2 logonid fields that allow a site to provide 'RESTRICTED ACCESS' for 1) z/OS datasets and resources (z/OS datasets and resources are protected by default) and 2) UNIX files and directories when using native UNIX security.

For restricted access to z/OS datasets and resources, the logonid LIMITED|NOLIMITED field can be set:

LIMITED|NOLIMITED
Specifies that a user has limited access to datasets and resources. LIMITED is the ACF2 equivalent to the RACF RESTRICTED attribute. A LIMITED user cannot access the datasets or resources if the applicable rule entry is a UID(*) ALLOW rule. Assigning LIMITED to a user also restricts access to UNIX files and directories as documented under the RSTDACC field. (Bit field)

For restricted access to UNIX files and directories when using native UNIX security, the logonid RSTDACC|NORSTDACC field can be set:

RSTDACC|NORSTDACC
Specifies that this user has restricted access to UNIX directories and files based on owner or group permissions, not on other permissions, when the user does not have at least read access to the UNIXPRIV resource, RESTRICTED.FILESYS.ACCESS. (Bit field)
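
The two field descriptions above, expressed as a simplified decision model. This is an added illustration, not ACF2 code or output; the class and function names are hypothetical, the sample users and file are constructed, and superuser authority, ACLs and rule-entry matching are assumed to be out of scope.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # UNIX permission bits


@dataclass
class Logonid:  # hypothetical model of the logonid fields discussed above
    uid: int
    gids: frozenset
    limited: bool = False        # LIMITED
    rstdacc: bool = False        # RSTDACC
    unixpriv_read: bool = False  # at least read access to RESTRICTED.FILESYS.ACCESS


@dataclass
class FileEntry:
    owner: int
    group: int
    mode: int  # e.g. 0o644


def restricted_applies(user):
    # LIMITED carries the RSTDACC file restriction as well; read access to
    # the UNIXPRIV resource lifts it (the reading of the text taken here).
    return (user.limited or user.rstdacc) and not user.unixpriv_read


def unix_access(user, f, want):
    if user.uid == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in user.gids:
        bits = (f.mode >> 3) & 7
    elif restricted_applies(user):
        return False  # "other" permissions are never consulted
    else:
        bits = f.mode & 7
    return bits & want == want


def rule_entry_access(user, entry_uid_mask, entry_allows):
    # The applicable rule entry is assumed to have been selected already.
    if not entry_allows:
        return False
    if user.limited and entry_uid_mask == "*":
        return False  # a UID(*) ALLOW entry does not grant access to LIMITED users
    return True


# Constructed sample data: a world-readable file owned by uid 100, group 10.
shared = FileEntry(owner=100, group=10, mode=0o644)
outsider = Logonid(uid=300, gids=frozenset({30}))
restricted = Logonid(uid=200, gids=frozenset({20}), rstdacc=True)
print(unix_access(outsider, shared, R), unix_access(restricted, shared, R))
```
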