Control of access to RACF data
SDBM operations result in issuing RACF® commands. Table 1 and Table 1 indicate which commands are issued for various SDBM operations. The RACF commands are issued under the context of the RACF user ID that is bound to SDBM. RACF determines the results of the RACF commands based on the RACF authority of that user ID. If the RACF command fails, the SDBM operation fails and returns any error information issued by RACF.
In particular, the RACF
search command can fail because of lack of authority, even if the bound user is
able to extract RACF data from user IDs that match the RACF
search. In this case, SDBM search operations that issue a RACF
search command can fail and return the
following:
ldap_search: Unknown error
ldap_search: additional info: ICH31005I NO ENTRIES MEET SEARCH CRITERIA