search cancel

Is there a CA ACF2 attribute similar to ROAUDIT in RACF?

book

Article ID: 14628

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

The ROAUDIT attribute 


A user who has the ROAUDIT attribute has the authority to list auditing information using the LISTDSD, RLIST, LISTUSER, LISTGRP, SETROPTS LIST, and SEARCH commands, as well as the IRRUT100 utility.

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2r2.icha700/icha700_The_ROAUDIT_attribute.htm

 



Is there a CA ACF2 attribute similar to ROAUDIT in RACF?

Environment

Release:
Component: ACF2MS

Resolution

AUDIT

A user with the AUDIT privilege defined in their logonid record can display logonid records, access and resource rules, and infostorage records. A logonid with this privilege is known as an auditor. An auditor can issue the ACF SHOW subcommands that display CA ACF2 system control options, but an auditor cannot modify any of these components of the CA ACF2 system. An auditor cannot update or delete logonid records or access any resources other than those authorized through rules, although a site can authorize auditors to update certain logonid record fields. The AUDIT privilege also gives users search and read access to directories in HFS.

Additional Information

For more information on AUDIT and other CA ACF2 attributes, please review the CA ACF2 documentation.

https://docops.ca.com/ca-acf2-for-z-os/16-0/en/administrating/administer-records/logonid-records/logonid-privileges-and-authorities