search cancel

In ACF2 what happens if a userid/lid is specifiec on the include and exclude of a ROLE record?

book

Article ID: 190336

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Role that has a userid / LID defined in both include-list and exclude-list.

?  set x(rol)                                                               
?  l NEWROLE6
 TLVB / NEWROLE6 LAST CHANGED BY ABCD01 ON 05/04/20-13:57                    
                      EXCLUDE(QQTEST3 QQTEST-) INCLUDE(QQTEST3 QQ-) ROLE    
TOTAL RECORD LENGTH= 374 BYTES, 9 PERCENT UTILIZED                          

roles QQTEST3                      
 ROLES FOR QQTEST3                 
   NEWROLE6      
 XREF                              

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

By default, if the INCLUDE field and the EXCLUDE field have the same entry, the entry is included in the group.