Can Roles in ACF2 have USERS and ROLES specified together?

book

Article ID: 143568

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

Is it possible to create a group that contains both other roles AND users?

this is a user:  CPOSRV               ASPDSTC         CPOSRV   CPOSRV TASK ACID  

this is a role:  DEV**** / SWASIS LAST CHANGED BY DXF125 ON 20/01/20-16:35     
                     INCLUDE(DPM701 MXG120 NBV343 SXR056) ROLE

If a group role record is inserted will it look for CPOSRV and SWASIS as lids or roles?

INS CPOQUERY INCLUDE(CPOSRV SWASIS)  GROUP

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

A group role record cannot be created to include both users and roles.

  • ROLE indicates that the record defines a group of users.
  • GROUP indicates that the record defines a group of roles. Specify GROUP only when you want to define an X ROL record that includes other X ROL records.

If the role record is specified as a group record it assumes all includes are role records, not users.

In the example, all the users in the SWASIS role would be included plus anyone in the CPOSRV role. The user CPOSRV would not be included unless it was included in the CPOSRV role.