When creating RACF external security rules, some users are not supposed to see report data so the definition for the CA View RAPS resource was set to NONE, and it works fine.

However, the report is also indexed and the definition for the IDXN/IDXV resources are set to READ and with these settings, the users CAN access the reports through the indexes.

Q1. Does setting the IXDN/IXDV resource definition to READ override the RAPS resource setting of NONE.

Q2. To prevent users from accessing the data from the indexes, do the IXDN/IXDV resources also have be set to NONE?

Release : 14.0

Component : CA View

Q1. Does setting the IXDN/IXDV resource definition to READ override the RAPS resource setting of NONE.

Answer 1 - No. It's not a matter of one resource "overriding" another. It's a matter of what security calls are being made depending on where/how your users are accessing the reports. The RAPS resource is for controlling access to "All pages of a sysout/report". When your users attempt to view reports through an INDEX, we don't make a RAPS security call, unless they are selecting the NATIVE VIEW index (which would allow them to see ALL pages of the report. When the report is accessed through an INDEX, we are only making the IXDN/IXDV calls.      

Q2. To prevent users from accessing the data from the indexes, do the IXDN/IXDV resources also have be set to NONE?

Answer 2 - Yes. If you don't want your users to be able to view ANY pages of a report, you would have to define access NONE for the IXDN and IXDV resources.