Hey Linnea.
You should also remember that RACF does not show preference for one group over another, when both permit the requested access. As a consequence, Access Monitor reports may show one OR MORE groups that COULD have given access to the profile. This will be visible when SIMULATED FIELDS are requested, in the DETAILS of the Access Monitor information, at the end of the details panel.
When you are cleaning up the RACF database, and replacing the functionality of a group with another group, the users may be connected to both, until you finally remove (or delete) the
old group. When zSecure notices that the user is connected to both groups, and the dataset profile has an adequate permit for both groups, the VIA GROUPS field shows both group names.
AM.1 has a "Simulated fields selection" option to show ONLY access events where the group specified is alone in providing access (the group is ESSENTIAL), that points at resource access that still uses (only) the
old group. Specify the
old group name on the "Group(s) used for access" field and / the "Essential group(s)" checkbox. This finds where a connect/permit for the
old group has not (yet) been copied to a replacement group.
------------------------------
Rob van Hoboken
------------------------------
Original Message:
Sent: Thu December 09, 2021 02:43 PM
From: Linnea Sullivan
Subject: Access Monitor Permit Usage - Display User ID
I have some User IDs that are connected to a group. That group is permitted to some datasets and db2 profiles. I want to remove the userids from that group, but I see via AM.4 that the userids are using the connection to the group. So I tried AM.3 to see what permissions are being used by the group.
Is there a way to see what User Ids used the group to access those permissions. With RACF_ACCESS, there is no USERID field, and the field ID refers to what was being permitting, in which in my case is the group.
Or is there some other option in Access Monitor to display what permission the User ID accessed via a connected group?
------------------------------
Linnea Sullivan
------------------------------