How can you grant access to resource names greater than 8 characters in a qualifier name? One of the setup steps in the RACF documentation for zOSMF is to give access to this role set to all z/OSMF users:
When implementing zOSMF, there are issues with the EJBROLE resource class. Users cannot access resource even though they are permitted EJBROLE(IZUDFLT.*.izuUsers):
The Masking Character ASTERISK (*) stands for any 0-8 characters.
Use a Hyphen (-) instead of a asterisk (*). For example:
From the Top Secret r16 documentation here :
Floating Pattern Masks
A floating pattern mask uses the hyphen (-) to represent a variable number of characters (including no characters). Resource names containing hyphens cannot be owned. They must match the ownership of resources defined by other characters and masks.
- Cannot be used in the same resource name with other masking characters
- Can only be used in the interior of a resource name
- Can only occur at position three or later
The following resource masks are invalid:
A floating character mask can represent resource names with multiple qualifiers or indexes (cross-node resource names). These examples show how the hyphen mask can be used to cross partial and complete nodes of resource qualification:
The explicit periods on either side of the mask in the second example prevent the collapse of the hyphen into a null-string, and prevents the inclusion of more than one initial qualifier.