Grant Access To Resource Names Greater Than 8 characters In Top Secret
search cancel

Grant Access To Resource Names Greater Than 8 characters In Top Secret


Article ID: 32413


Updated On:


Top Secret Top Secret - LDAP


How can you grant access to resource names greater than 8 characters in a qualifier name? One of the setup steps in the RACF documentation for zOSMF is to give access to this role set to all z/OSMF users:


When implementing zOSMF, there are issues with the EJBROLE resource class. Users cannot access resource even though they are permitted EJBROLE(IZUDFLT.*.izuUsers):



Release: TOPSEC00200-15-Top Secret-Security


The Masking Character ASTERISK (*) stands for any 0-8 characters.

Use a Hyphen (-) instead of a asterisk (*). For example:


From the Top Secret r16 documentation here :

Floating Pattern Masks

A floating pattern mask uses the hyphen (-) to represent a variable number of characters (including no characters). Resource names containing hyphens cannot be owned. They must match the ownership of resources defined by other characters and masks.

The hyphen:
- Cannot be used in the same resource name with other masking characters
- Can only be used in the interior of a resource name
- Can only occur at position three or later

The following resource masks are invalid:

A floating character mask can represent resource names with multiple qualifiers or indexes (cross-node resource names). These examples show how the hyphen mask can be used to cross partial and complete nodes of resource qualification:

The explicit periods on either side of the mask in the second example prevent the collapse of the hyphen into a null-string, and prevents the inclusion of more than one initial qualifier.