Dear All,
In of our test region I have permitted RESTRICTED attribute to a userid but even after that the user is able to access other Users dataset which are not Defined to RACF. I assume that they can only access data to which they have been explicitly permitted or Is it something we set the UACCs to all our sensitive datasets and resources to NONE.
Could anyone please shed some light on the above.
Jaggz
RESTRICTED attribute query
Previous topic • Next topic • 2 posts
• Page 1 of 1
Re: RESTRICTED attribute query
by Robert Sample » Thu May 31, 2012 4:20 pm
It sounds like your RACF is working as designed. From the RACF Command Language Reference manual section 5.6:
RESTRICTED | NORESTRICTED
e
RESTRICTED Specifies that global access checking is bypassed when resource access checking is performed for the user, and neither ID(*) on the access list nor the UACC will allow access. The RESTRICTED.FILESYS.ACCESS profile in the UNIXPRIV class can also be used to bypass the z/OS UNIX other permission bits during file access checking for RESTRICTED users. Note: If your installation has profiles defined in the PROGRAM class, and the user ID with the RESTRICTED attribute needs to load programs covered by one or more of these profiles, the user ID must be put on the access list with EXECUTE or READ authority. NORESTRICTED Specifies that the user does not have the RESTRICTED attribute and access checking is performed the standard way including global access checking, ID(*), the UACC, and the z/OS UNIX 'other' permission bits as appropriate.
- These users thanked the author Robert Sample for the post:
- jaggz (Fri Jun 01, 2012 7:57 am)
- Robert Sample
- Global moderator
- Posts: 3720
- Joined: Sat Dec 19, 2009 8:32 pm
- Location: Dubuque, Iowa, USA
- Has thanked: 1 time
- Been thanked: 279 times
Previous topic • Next topic • 2 posts
• Page 1 of 1
-
- Related topics
- Replies
- Views
- Last post
-
- Backout the PROTECTED attribute
by Blackthorn » Wed Aug 15, 2018 2:03 pm - 6 Replies
- 4263 Views
- Last post by Blackthorn
Sun Aug 19, 2018 3:15 pm
- Backout the PROTECTED attribute
-
- List RACF IDs with the CLAUTH Attribute
by MawkHawk » Mon May 12, 2014 4:55 pm - 0 Replies
- 3037 Views
- Last post by MawkHawk
Mon May 12, 2014 4:55 pm
- List RACF IDs with the CLAUTH Attribute
-
- Which team require OPERATIONS attribute
by aarvalar1 » Thu Jul 13, 2023 4:44 pm - 4 Replies
- 1956 Views
- Last post by Robert Hansel
Sat Jul 29, 2023 8:30 pm
- Which team require OPERATIONS attribute
-
- Does the CLASSAUTH attribute could give to RACF Groups?
by danielgp89 » Fri Dec 06, 2019 9:42 pm - 0 Replies
- 1966 Views
- Last post by danielgp89
Fri Dec 06, 2019 9:42 pm
- Does the CLASSAUTH attribute could give to RACF Groups?