Joined: 10 Oct 2003 Posts: 317 Topics: 50 Location: Germany
Posted: Tue Apr 26, 2005 1:31 am Post subject: Determine whether user has access to RACF resources
Hi all,
how is it possible to check whether user has access to RACF resources, using CICS transaction, PL/1 and / or Cobol.
The EXEC CICS QUERY SECURITY dosn't work for my requirement, because the userkey to be ckecked is not the same key calling the transaction. EXEC CICS QUERY SECURITY works only with the user key calling the transaction.
I'm not 100% certain what you mean when you say "userkey to be checked is not the same key..." At what point in the transaction flow does the key then actually change??
If for example, you issue a START transaction in your program, and start it with a USERID (one of the available START options), then you will be told via DFHRESP(NOTAUTH) if you are not authorised for the resource. Would this do it for you? Here, the userid which is checked is the one which is actually trying to fire up the resource.
If you want fine-grain control, then maybe you should have a look in the "CICS System Programming Reference" manual at the INQUIRE commands. Or lastly, have a look at the CICS-RACF manuals.
Joined: 10 Oct 2003 Posts: 317 Topics: 50 Location: Germany
Posted: Tue Apr 26, 2005 7:02 am Post subject:
Hi Mike,
thank you for your answer.
What i meen is: CICS Transaction is started and running with user key "USER1".
Now in the program flow of the CICS transaction I like to check wether any userkey, for example from input date, db2 table etc. has for example READ access to an specific RACF class, group.
But you are right, EXEC CICS START allows to pass an specific user key, but this doesn't match to my problem.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
FAQ
Search
Quick Manuals
Register
Profile
Log in to check your private messages
Log in
