Cross-reference role group (X-ROL) records give you the ability to implement role based security at your site. You can assign users to roles and assign accesses based on those roles. Roles can also be grouped into Role Groups. Both Roles and Role Groups can be specified in data set and resource rules.
How can you find out what ROLES a user on ACF2 has?
The ROLES subcommand lists the active roles for the specified logonid based on the active X(ROL) XREF structure in storage. The syntax of the ROLES subcommand is as follows:
ROLES *|logonid
You can issue the ROLES subcommand under any setting of the ACF command. ROLES logonid lists the active roles for the specified logonid. When you say ROLES * under the ACF or LID setting, it will list the roles for the active Logonid - the logonid that was last listed, changed or inserted. If there is no active logonid, then ROLES * will list your roles.
Since X(ROL) records can contain masked logonids, the ROLES command does not check if the logonid you specified actually exists. Therefore, it is possible to list roles for a logonid you have not yet inserted.
Example:
ACF ROLES USER01A ROLES FOR USER01A AROLC AROLD AROLE ZROLC ZROLD ZROLE AROLB ZROLB AROLA ZROLA