Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Delegating the authority to list user information in only selected user profiles z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
You can limit the authority of a general user or group to list
user information by authorizing the user or group to list only a selected
set of user profiles. You can limit the selected set of user profiles
in the following ways:
To authorize a general user or group to list user information in only selected user profiles, define a profile to protect the appropriate IRR.LU.OWNER or IRR.LU.TREE resource in the FACILITY class and grant READ access to authorize users and groups. If you do not define this profile, standard LISTUSER authority checking applies when RACF® determines whether the command issuer is authorized. The IRR.LU.OWNER and IRR.LU.TREE authorities authorize a general user to list the base segment in the profile of any user—based on owner or scope of the group tree—including protected users. Restriction: These authorities do not apply when the target of the LISTUSER command has the SPECIAL, AUDITOR, or OPERATIONS attribute. RACF does not log failed access attempts to IRR.LU resources. Successful accesses to IRR.LU resources are logged at the installation's discretion. |
Copyright IBM Corporation 1990, 2014
|