z/OS Security Server RACF General User's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Using ID(*) in an access list

z/OS Security Server RACF General User's Guide
SA23-2298-00

You can add an entry for ID(*) to an access list to specify an access level that applies to all RACF®-defined users . You can use an entry for ID(*) instead of a UACC, which applies to all users whether or not they are RACF-defined.
Note: Neither an ID(*) entry nor a UACC applies to users who have the RESTRICTED attribute.
The following examples illustrate the difference between using a UACC and using an entry for ID(*) to give read access to a data set. Assume that data set SMITH.PROJ.ONE is protected by a discrete profile.
  • To allow all users on the system to read the data set, specify UACC(READ) for the profile, as follows: 
     ALTDSD 'SMITH.PROJ.ONE' UACC(READ)
  • To allow only RACF-defined users on the system to read the data set, specify UACC(NONE) for the profile, then issue the PERMIT command with ID(*) and ACCESS(READ) specified: 
    ALTDSD 'SMITH.PROJ.ONE' UACC(NONE)
PERMIT 'SMITH.PROJ.ONE' ID(*) ACCESS(READ)
Parent topic: Changing access to a data set

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014