
CA Top Secret for z/OS: How can you grant access to resource names greater than 8 characters?


Article ID: 32413




Top Secret Top Secret - LDAP



How can you grant access to resource names greater than 8 characters?

When implementing z/OSMF, you may encounter issues with the EJBROLE resource class.

One of the setup steps in the RACF documentation is to grant all z/OSMF users access to this set of roles.


Users cannot access the resource entity.





The Masking Character ASTERISK (*) stands for any 8 characters.

Use a hyphen (-) instead of an asterisk (*).


Additional Information:


From the CA Top Secret Security for z/OS r15.0 Users Guide:            

Floating Pattern Masks                                                       
A floating pattern mask uses the hyphen (-) to represent a variable number   
of characters (including no characters). Resource names containing hyphens   
cannot be owned. They must match the ownership of resources defined by       
other characters and masks.                                                  
The hyphen:
 • Cannot be used in the same resource name with other masking characters
 • Can only be used in the interior of a resource name
 • Can only occur at position three or later
The following resource masks are invalid:                                    
Resource Mask                                                                
Reason why invalid                                                           
The hyphen cannot be used at the beginning or end of a resource name.        
The hyphen cannot be used in combination with any other masking character.   
The hyphen cannot be used before position three of a resource mask.          
A floating character mask can represent resource names with multiple         
qualifiers or indexes (cross-node resource names).

These examples show how the hyphen mask can be used to cross partial and complete nodes of resource
Resource Mask      Matches             Does Not Match
ACCT-VEND          ACCTPAY.VENDOR      ACC.VEND
                   ACCTVEND            AP.ACC.VEND
PAYROLL.-.XMPT     [email protected]   PAYROLL.XMPT
The explicit periods on either side of the mask in the second example
prevent the collapse of the hyphen into a null-string, and prevent the
inclusion of more than one initial qualifier.
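
The floating-mask rules and the match table quoted above can be checked against candidate resource names before a permit is written. The following Python is an added example, not code from CA Top Secret or the Users Guide. It assumes `*` is the only other masking character (the only one this page names) and that text after the mask's last literal is accepted, which is inferred from the ACCTPAY.VENDOR row.

```python
import re

# Assumption: "*" is the only other masking character checked, because it is the
# only one this page names. Extend the set to match your own product documentation.
OTHER_MASK_CHARS = frozenset("*")


def validate_floating_mask(mask):
    """Return the quoted rules that `mask` breaks (empty list = valid)."""
    if "-" not in mask:
        return ["no hyphen: not a floating pattern mask"]
    problems = []
    if mask.startswith("-") or mask.endswith("-"):
        problems.append("hyphen at the beginning or end of the resource name")
    if OTHER_MASK_CHARS & set(mask):
        problems.append("hyphen combined with another masking character")
    if mask.index("-") < 2:  # positions are 1-based: index 2 is position three
        problems.append("hyphen before position three")
    return problems


def mask_matches(mask, resource):
    """True if `resource` is covered by the floating mask."""
    problems = validate_floating_mask(mask)
    if problems:
        raise ValueError(f"invalid mask {mask!r}: {'; '.join(problems)}")
    # Each hyphen floats over zero or more characters, periods included.
    pattern = ".*".join(re.escape(part) for part in mask.split("-"))
    # Assumption: re.match anchors at the start only, so text after the last
    # literal is accepted (needed for ACCT-VEND to cover ACCTPAY.VENDOR).
    return re.match(pattern, resource) is not None


if __name__ == "__main__":
    # Rows from the guide's table, plus one constructed invalid mask.
    for mask, name in [("ACCT-VEND", "ACCTPAY.VENDOR"), ("ACCT-VEND", "ACCTVEND"),
                       ("ACCT-VEND", "ACC.VEND"), ("ACCT-VEND", "AP.ACC.VEND"),
                       ("PAYROLL.-.XMPT", "PAYROLL.XMPT")]:
        print(f"{mask:15} {name:15} {mask_matches(mask, name)}")
    print(validate_floating_mask("A-*"))  # constructed: breaks two rules
```

Running a proposed mask through a check like this against names that must not be covered shows how widely a hyphen mask reaches before access is granted.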



Release: TOPSEC00200-15-Top Secret-Security