RACF cross-reference utility (IRRUT100)

The RACF® cross-reference utility, IRRUT100, lists all occurrences of a specified user ID or group name that appear in a RACF database. This can help you discover the relationships between various users and groups, and learn other important information about users, groups, and the resources they control. For example, you can use the output to verify that users have the right access to resources. You can also use the output to determine the resources whose ownership must be transferred before you delete a user or group from the RACF database.

All users can run IRRUT100 for their own user IDs or any user IDs they own. To run IRRUT100 for other users' IDs, you must be defined to RACF with one of these attributes:
  • group-AUDITOR
  • group-SPECIAL

IRRUT100 produces a cross-reference report that describes the occurrences of each user ID or group name that you specify. Generic profile names are followed by the letter "G" in parentheses.

For information about how to run IRRUT100 and use its output, see z/OS Security Server RACF System Programmer's Guide.

As an alternative to IRRUT100, you can use the output from the database unload utility (IRRDBU00). For more information, see Using the database unload utility output effectively.