search cancel

ACF2: How to list what resource groups a logonid has access to?

book

Article ID: 202737

calendar_today

Updated On:

Products

ACF2 ACF2 - z/OS ACF2 - MISC

Issue/Introduction

How to check if a user has access to resource groups.  What is the command or Panel path to find this? 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

To check if a user has access to resource groups there is a two step process, first identify the resource groups and then either use the ACCESS command or the ACFRPTR report to determine access to the resource groupd(s).

For example:

First find all the resource groups defined from TSO, ACF:

ACF
SET X(RGP)
LIST LIKE(-)
  SYS7 / ACCOUNT LAST CHANGED BY USER001 ON 04/18/19-15:27                
                       INCLUDE(ACTA ACTD ACTI ACTU) RESOURCE TYPE(CKC)    
 ACF0A051 TOTAL RECORD LENGTH= 370 BYTES, 2 PERCENT UTILIZED              
                                                                          
  SYS7 / CICSACF LAST CHANGED BY USER001 ON 03/20/20-10:28                
                       INCLUDE(ACF* ACUL CES* LOGO) RESOURCE TYPE(CKC)    
 ACF0A051 TOTAL RECORD LENGTH= 370 BYTES, 2 PERCENT UTILIZED              
                                                                          
  SYS7 / CICSDB2 LAST CHANGED BY USER001 ON 03/20/20-10:35                
                       INCLUDE(SQL*) RESOURCE TYPE(CKC)                   
 ACF0A051 TOTAL RECORD LENGTH= 355 BYTES, 2 PERCENT UTILIZED              


Then from TSO, use the ACCESS command to check what logonids have access to each XRGP resource group:

ACF
ACCESS RESOURCE(ACCOUNT) TYPE(CKC
ACCESS RESOURCE(CICSACF) TYPE(CKC
ACCESS RESOURCE(CICSDB2) TYPE(CKC

Or  run the ACFRPTRX report for check to see for a specific logonid has access to XRGP resource group optionally base on TYPE code(in this example CKC):

Note: Sites can remove the RMASK to check access to all TYPE(CKC) or run the ACFRPTRX report multiple times for ACCOUNTCICSACF and CICSDB2 resource groups.

//REPORT  EXEC PGM=ACFRPTRX                            
//SYSPRINT DD SYSOUT=*                                 
//RECMAN1  DD DISP=SHR,DSN=SYS1.MAN1                   
//RECMAN2  DD DISP=SHR,DSN=SYS1.MAN2                   
//RECMAN3  DD DISP=SHR,DSN=SYS1.MAN3                   
//SYSUT1 DD   UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=30
//SYSUT2 DD   UNIT=SYSDA,SPACE=(CYL,(2,2)),DCB=BUFNO=30
//SYSIN    DD *                                        
TITLE(ACFRPTRX)                                        
ACF2                                                   
RSRC    
RMASK(ACCOUNT)                                               
TYPE(CKC)                                              
LID(MDBTEST)                                           
/* 

Sample output:

                                    
LID: MDBTEST  UID: 021          MDBTEST   
NAME: MDBTEST X                           

$KEY(ACCOUNT) TYPE(CKC)                   
STORED: 11/04/20-14:31 BY: USER002        
 UID(021**********MDBTEST) ALLOW