FSACCESS and LIMITED privilege in ACF2
search cancel

FSACCESS and LIMITED privilege in ACF2

book

Article ID: 245296

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

How does FSACCESS CHECKING impacts a logonid with LIMITED privilege?

UNIXOPTS:

HFS SECURITY ACTIVE: NO
FSACCESS CHECKING: YES

List id:

SET LID
LIST IZUGUEST
IZUGUEST             ZOSMF GUEST USER UID(IZUGUE )
PRIVILEGES           JOB LIMITED NO-STORE RESTRICT

FSA Rule:

SET RESOURCE(FSA)
LIST LIKE(-)
ACF75052 RESOURCE RULE **************************************** STORED BY ABCD ON xx/yy/zz-12:12
$KEY(****************************************) TYPE(FSA)
- UID(*) SERVICE(UPDATE) ALLOW

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

A logonid with LIMITED privilege also restricts access to UNIX files and directories in addition to limited access to data sets and resources with UID(*) ALLOW rule entry.

If FSACCESS CHECKING is enabled on the system and a logonid has LIMITED privilege, the access for this logonid would be restricted. 

A rule entry specific to the logonid UID for SET RESOURCE(FSA) can be added to give access and ACFRPTRV report can be run to find the specific resource being validated.