search cancel

ACF2 Surrogate logonid usage with RESTRICT

book

Article ID: 239818

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Does the surrogate rule work for an ID with the restrict attribute?

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

PTF LU05334 allows checking of SURROGAT rule for RESTRICT logonids. 

When the execution logonid has the RESTRICT attribute, the execution_lid.SUBMIT rule TYPE(SUR) is not checked. However, the following rule is checked for access to resource RESTRICT.CHECK.SURROGAT in class CASECAUT:

$KEY(RESTRICT) TYPE(AUT)
CHECK.SURROGAT UID(uid_of_execution_lid) ALLOW