Is there a CA ACF2 attribute similar to ROAUDIT in RACF?

book

Article ID: 14628

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

The ROAUDIT attribute 


A user who has the ROAUDIT attribute has the authority to list auditing information using the LISTDSD, RLIST, LISTUSER, LISTGRP, SETROPTS LIST, and SEARCH commands, as well as the IRRUT100 utility.

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2r2.icha700/icha700_The_ROAUDIT_attribute.htm

 



Is there a CA ACF2 attribute similar to ROAUDIT in RACF?

Environment

Release:
Component: ACF2MS

Resolution

AUDIT

A user with the AUDIT privilege defined in their logonid record can display logonid records, access and resource rules, and infostorage records. A logonid with this privilege is known as an auditor. An auditor can issue the ACF SHOW subcommands that display CA ACF2 system control options, but an auditor cannot modify any of these components of the CA ACF2 system. An auditor cannot update or delete logonid records or access any resources other than those authorized through rules, although a site can authorize auditors to update certain logonid record fields. The AUDIT privilege also gives users search and read access to directories in HFS.

Additional Information

For more information on AUDIT and other CA ACF2 attributes, please review the CA ACF2 documentation.

https://docops.ca.com/ca-acf2-for-z-os/16-0/en/administrating/administer-records/logonid-records/logonid-privileges-and-authorities