
Security for Z

  • 1.  Scoping zSecure Admin

    Posted Thu April 15, 2021 03:16 PM

    Profile CKR.READALL is one of the methods to specify that a zSecure user can see all RACF profiles, otherwise only what is in his scope.

    Is there a way to specify that a user is allowed to see all profiles of a certain RACF group and all the subgroups of that group?

    Thanks in advance

    Stan van Oers




  • 2.  RE: Scoping zSecure Admin

    Posted Thu April 15, 2021 03:32 PM

    If you have a group ABC, that is owned by group APPL, that in turn is owned by SYS1, then you can RDEFINE XFACILIT CKG.SCP.G.APPL.ABC.** UACC(NONE)

    This covers ABC and all groups owned by (subgroups of) ABC, following the group tree. Issue a PERMIT ACCESS(READ) on this profile, and the (group of) users in the permit can use zSecure RA.G to display the group and some information about the group.




  • 3.  RE: Scoping zSecure Admin

    Posted Fri April 16, 2021 11:49 AM

    Thanks for the quick response.

    I defined XFACILIT CKG.SCP.G.** and permit access(read) but I don't see any group via RA.G

    I checked with Access Monitor, but the profile is not referenced.

    Stan

