search cancel

ACF2 Scope for LID gets NOT AUTHORIZED TO LIST THIS LOGONID RECORD msg with LIST logonid

book

Article ID: 189901

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Setting up a scope list for a user to maintain profiles and userids. Scope list UID(IZPT-) INF(RIZP-)    
TSO, ACF, LIST of logonid gets: NOT AUTHORIZED TO LIST THIS LOGONID RECORD  

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

When using a SCOPE record the UID and LID need to be specified together:

UID
Specifies the one to 24-character UID or UID mask to be placed in the scope of the logonid. You must also specify a LID entry to permit access to the Logonid database.

LID
Specifies logonids or logonid masks that the scoped logonid can create, list, alter, or delete. You must also specify a UID entry to permit access to records in the Logonid database.

Typically if you specify a UID, you can specify LID(-). You can either add LID(-) or LID(CSI-) and the SCOPE record should work. After making any change to a SCOPE record be sure to issue the 'F ACF2,REBUILD(SCP),CLASS(S)'