search cancel

How can you find out what ROLES a user on ACF2 has?


Article ID: 14968


Updated On:


ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit


Cross-reference role group (X-ROL) records give you the ability to implement role based security at your site. You can assign users to roles and assign accesses based on those roles. Roles can also be grouped into Role Groups. Both Roles and Role Groups can be specified in data set and resource rules.

How can you find out what ROLES a user on ACF2 has?


Component: ACF2MS


The ROLES subcommand lists the active roles for the specified logonid based on the active X(ROL) XREF structure in storage. The syntax of the ROLES subcommand is as follows:

ROLES *|logonid

You can issue the ROLES subcommand under any setting of the ACF command. ROLES logonid lists the active roles for the specified logonid. When you say ROLES * under the ACF or LID setting, it will list the roles for the active Logonid - the logonid that was last listed, changed or inserted. If there is no active logonid, then ROLES * will list your roles.

Since X(ROL) records can contain masked logonids, the ROLES command does not check if the logonid you specified actually exists. Therefore, it is possible to list roles for a logonid you have not yet inserted.


ACF                                       ROLES USER01A                               ROLES FOR USER01A                            AROLC     AROLD     AROLE     ZROLC   ZROLD     ZROLE     AROLB     ZROLB   AROLA     ZROLA