ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Who has more authority for Online commands (Def View , Def User, etc)? External Security or the MASTER parameter in Sarinit.


Article ID: 35291


Updated On:


Deliver View



"I am able to do the DEF USER, DEF VIEW commands but my RACF Group does NOT have any access rights from a RACF perspective. I'm assuming I can do that because reading the manual it states if I am a user in the master directory I have authority. THIS SHOULD NOT HAPPEN. RACF should stop me from issuing the commands if my RACF group is not in the profiles needed for these commands (DEF USER, DEF VIEW, etc.). This tells me external security is NOT working."




View 12.x

External Security rules


External Security is working as expected.  When using an External Security set up, CA View checks the SARINIT MASTER parameter before it checks to see if there are security rules that allow the execution of the DEF VIEW, DEF USER command, etc. You can determine if a user has Master authority by executing the DEF USER command and reviewing the M column to see if there is a "Y".     


The SARINIT parameter MASTER has the highest priority, for executing the DSEF xxx commands, no matter what is defined in the SECURITY parameters. 

So in further detail, in the case of this environment, when the MASTER=RICRO02 

this indicates that ONLY ricro02 is able to execute the DEF VIEW command and that even though SECURITY= EXTERNAL specified, it stops after the first check and no other calls are made. 

If you want the EXTERNAL Security package to determine who is able to issue the DEF VIEW command then you would need to specify SARINIT MASTER=ALL 

this would then require the proper rules to be setup and used by the External Security package.

Additional Information:

As always, please contact CA Technologies support for CA View/Deliver if you have further questions.


Release: OUTDTI00200-12.1-Deliver-Output Management-Interface for Native TSO