How can you find out what ROLES a user on ACF2 has?

book

Article ID: 14968

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Cross-reference role group (X-ROL) records give you the ability to implement role based security at your site. You can assign users to roles and assign accesses based on those roles. Roles can also be grouped into Role Groups. Both Roles and Role Groups can be specified in data set and resource rules.



How can you find out what ROLES a user on ACF2 has?

Environment

Release:
Component: ACF2MS

Resolution

The ROLES subcommand lists the active roles for the specified logonid based on the active X(ROL) XREF structure in storage. The syntax of the ROLES subcommand is as follows:

ROLES *|logonid

You can issue the ROLES subcommand under any setting of the ACF command. ROLES logonid lists the active roles for the specified logonid. When you say ROLES * under the ACF or LID setting, it will list the roles for the active Logonid - the logonid that was last listed, changed or inserted. If there is no active logonid, then ROLES * will list your roles.

Since X(ROL) records can contain masked logonids, the ROLES command does not check if the logonid you specified actually exists. Therefore, it is possible to list roles for a logonid you have not yet inserted.

Example:

ACF                                       ROLES USER01A                               ROLES FOR USER01A                            AROLC     AROLD     AROLE     ZROLC   ZROLD     ZROLE     AROLB     ZROLB   AROLA     ZROLA