Steps for delegating the authority to list user information by owner

Before you begin:

Make sure the LISTUSER command issuer does not have READ access to the IRR.LISTUSER resource in the FACILITY class.

Perform the following steps to limit the authority of a general user or group to list user information in selected user profiles based on the owner of the user profiles.

Define the following generic profiles in the FACILITY class, if not already defined. Doing so ensures that an existing generic profile does not inadvertently prevent you from successfully limiting this authority.
Example:
```
RDEFINE FACILITY IRR.LISTUSER.**   UACC(NONE)
RDEFINE FACILITY IRR.LU.**         UACC(NONE)
RDEFINE FACILITY IRR.LU.EXCLUDE.** UACC(READ)
```
Define a profile to protect the IRR.LU.OWNER.owner resource in the FACILITY class, where owner is the user ID or group that owns the user profiles.
Example:
```
RDEFINE FACILITY IRR.LU.OWNER.GROUP3 UACC(NONE)
   AUDIT(FAILURES(NONE) SUCCESSES(READ))
```
______________________________________________________________________
Authorize the general users or groups.
Example:
```
PERMIT IRR.LU.OWNER.GROUP3 CLASS(FACILITY) ID(HELPDESK USER19) ACCESS(READ) 
```
______________________________________________________________________
Activate the FACILITY class if not already active.
Example:
```
SETROPTS CLASSACT(FACILITY) 
```
If the FACILITY class is already active and RACLISTed, refresh the FACILITY class profiles.
```
SETROPTS RACLIST(FACILITY) REFRESH
```
______________________________________________________________________

You have now authorized a general user or group to list the base segment of user profiles for selected users, including protected users, and excluding users with the SPECIAL, OPERATION, or AUDITOR attribute, based on the owner of the user profile.