z/OS Security Server RACF Security Administrator's Guide


Using ID(*) on the access list

SA23-2289-00

If you have some users who are not defined to RACF®, you can use the ID(*) entry on the access list instead of UACC to ensure that only RACF-defined users, except those with the RESTRICTED attribute, can access the resource. The following examples illustrate the difference between UACC(READ) and ID(*) ACCESS(READ):
  • To allow all users on the system to use a terminal, specify UACC(READ) for the profile, as follows:
    RDEFINE TERMINAL profile-name UACC(READ)
  • To allow only RACF-defined users on the system to use a terminal, specify UACC(NONE) for the profile, then issue the PERMIT command with ID(*) and ACCESS(READ) specified:
    RDEFINE TERMINAL profile-name UACC(NONE)
    PERMIT profile-name CLASS(TERMINAL) ID(*) ACCESS(READ)

    Neither the ID(*) entry on the access list nor the UACC is used to allow a restricted user to access a RACF-protected resource.
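
The two profile setups above, checked against three kinds of user, as an added Python sketch (not IBM code and not how RACF is implemented). The dictionary layout, function names and user IDs are constructed; the explicit per-user access list entry and the fallback from ID(*) to UACC are assumptions of the model that go beyond this topic.

```python
# Simplified model of the decision described in this topic; not RACF code.
LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]

def rank(level):
    return LEVELS.index(level)

def check(profile, user, requested="READ"):
    """Return (allowed, source) for one request.

    profile: {"uacc": level, "acl": {user_id or "*": level}}  (constructed layout)
    user:    {"id": str, or None when not defined to RACF, "restricted": bool}
    """
    acl = profile.get("acl", {})
    uid = user.get("id")
    need = rank(requested)
    if uid is None:
        # Undefined users can never match ID(*); only UACC applies to them.
        return rank(profile["uacc"]) >= need, "UACC"
    if uid in acl:
        # Assumption: an explicit entry for this user ID decides the request.
        return rank(acl[uid]) >= need, "explicit entry"
    if user.get("restricted"):
        # Neither ID(*) nor UACC is used for a RESTRICTED user.
        return False, "restricted: ID(*) and UACC skipped"
    if "*" in acl and rank(acl["*"]) >= need:
        return True, "ID(*)"
    # Assumption: UACC is still consulted when ID(*) is absent or insufficient.
    return rank(profile["uacc"]) >= need, "UACC"

# The two TERMINAL profiles from the examples above.
OPEN_TO_ALL = {"uacc": "READ", "acl": {}}
DEFINED_ONLY = {"uacc": "NONE", "acl": {"*": "READ"}}

# Constructed sample users.
USERS = {
    "undefined": {"id": None, "restricted": False},
    "defined": {"id": "USER01", "restricted": False},
    "restricted": {"id": "SVC01", "restricted": True},
}

def outcomes(profile):
    """Map each sample user kind to True/False for a READ request."""
    return {kind: check(profile, u)[0] for kind, u in USERS.items()}

if __name__ == "__main__":
    for name, prof in (("UACC(READ)", OPEN_TO_ALL), ("ID(*) ACCESS(READ)", DEFINED_ONLY)):
        print(name, outcomes(prof))
```

In this model the restricted user is denied under both setups and is allowed only when its own user ID is added to the access list.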





Copyright IBM Corporation 1990, 2014