IBM Support

Results from QUERY SECURITY command when RACF is in Warning mode

Question & Answer


Question

During warning mode, RACF allows all requesters to access the resource, and, if the requester would not otherwise be allowed access, RACF sends a message to the requester.

What would the EXEC CICS QUERY SECURITY command return if a user does not have access to a resource in RACF and RACF is in Warning mode?

Answer

The EXEC CICS QUERY SECURITY command will always return the correct information whether in warning or failure mode. So for example if a userid only has read access to CEMT they would get the following returned from the QUERY SECURITY command for both modes:

REAd( +0000000035 ) = READABLE

Update( +0000000038 ) = NOTUPDATEABLE

Control( +0000000057 ) = NOTCTRLABLE

Alter( +0000000053 ) = NOTALTERABLE

If RACF is in WARNING mode then the user is still able to use CEMT, however if the profile is switched to FAIL then the user would no longer have access to CEMT.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"Security","Version":"","Line of Business":{"code":"LOB17","label":"Mainframe TPS"}}]

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
11 May 2017

UID

dwa1373963