Below is a list of all profiles under MENUAPPL class and our SETR list. As you will see there is a discrete profile for each application and 2 generic profiles one being **. The ** profile has a UACC(NONE) and no users on access.
MENUAPPL is a *homegrown* EDS session manager. (I did not write it or hijack it) I suspect this may be generating a separate SAF call for each application for each user and there are 1000's of users, whereas ACF2 may be *wildcarding* it. I am not sure what rules ACF2 has defined for this access yet, but we are checking now. READY SR CLASS(MENUAPPL) ACCESS ACHFB642 ACMFA5M1 ACMFA5M2 ACMFA5M3 ACMFA5M4 ACMFA5M5 ACMFA5P1 ACMFA5P2 ACMFA5P3 ACMFA5P4 ACMFA5P5 ACMFA5W1 ACMFA5W2 ACMFA5W3 ACMFA5W4 ACMFA5W5 ACMFA501 ACMFA522 ACMFA542 ACMFA543 ACMFA544 ACMFA545 ACMFA551 ACMFA552 ACMFA571 ACMFA621 ACMFA642 ACMFA681 ACMFA701 ACMFA721 ACMFA781 ACMFA882 ACMFA981 ACMFB5R1 ACMFB522 ACMFB543 ACMFB544 ACMFB602 ACMFB621 ACMFB642 ACMFB701 ACMFB721 ACMFB831 ACMFB882 ACMFB981 ACMFC5B1 ACMFC5C1 ACMFC5D1 ACMFC5E1 ACMFC5F1 ACMFC5G1 ACMFC5H1 ACMFC5I1 ACMFC5J1 ACMFM5L1 ACMFM501 ACMFM511 ACMFM561 ACMFM621 ACMFSUP1 ACPFA0M1 ACPFA0M2 ACPFA0M3 ACPFA0M4 ACPFA0M5 ACPFA001 ACPFA022 ACPFA043 ACPFA044 ACPFA045 ACPFA051 ACPFA052 ACPFA071 ACPFA121 ACPFA142 ACPFA181 ACPFA201 ACPFA221 ACPFA281 ACPFA382 ACPFA481 ACPFB0R1 ACPFB022 ACPFB043 ACPFB044 ACPFB102 ACPFB121 ACPFB142 ACPFB201 ACPFB221 ACPFB331 ACPFB382 ACPFB481 ACPFC0B1 ACPFC0B9 ACPFC0C1 ACPFC0C9 ACPFC0D1 ACPFC0D9 ACPFC0E1 ACPFC0E9 ACPFC0F1 ACPFC0F9 ACPFC0G1 ACPFC0G9 ACPFC0H1 ACPFC0H9 ACPFC0I1 ACPFC0I9 ACPFC0J1 ACPFC0J9 ACPFM0L1 ACPFM001 ACPFM011 ACPFM061 ACPFM121 ACTFM502 ADDT1 ATUSYV1 A1MNUP1 A1MNUP2 A1MNUP3 A1MNUP4 A1MSF2 A1MSF3 A1MSF4 A1NV1 A1NV2 A1NV3 A1NV4 A1PTPXCM A1SAM2 A1SAM3 A1SAM4 A1SPY1 A1SPY2 A1SPY3 A1SPY4 A1SYV2 A1SYV3 A1SYV4 A3PTPX A3PTPXCM A4PTPXCM DDT16 MULTI T1TSO1 T1TSO2 T1TSO3 T1TSO4 T1TS04 MNUOCF* (G) ** (G) CLASS NAME ----- ---- MENUAPPL ** (G) LEVEL OWNER UNIVERSAL ACCESS YOUR ACCESS WARNING ----- -------- ---------------- ----------- ------- 00 EMEDSRGP NONE NONE NO CLASS NAME ----- ---- USER ACCESS ---- ------ NO USERS IN ACCESS LIST READY SETR LIST ATTRIBUTES = INITSTATS WHEN(PROGRAM -- BASIC) TERMINAL(READ) SAUDIT CMDVIOL OPE RAUDIT STATISTICS = $SECURED APLICATN COMMANDS IMFCMD JESDEVIC JOBACCES TSOAUTH AUDIT CLASSES = DATASET USER GROUP $DB2ARMS $ENDEVOR $NETVCMD $NETVIEW $SECURED $SYSVIEW $VPS ACCTNUM ACICSPCT AIMS AIPR ALCSAUTH APLICATN APPCLU APPCPORT APPCSERV APPCSI APPCTP APPL BCICSPCT CA@APE CA@MD CA@NTSYM CACHECLS CBIND CCICSCMD CDT CHA1VIEW CIMS COMMANDS CONSOLE CPSMOBJ CPSMXMP CSFKEYS CSFSERV CXP$ CXT$ DASDVOL DATAMGR DBNFORM DCEUUIDS DCICSDCT DEVICES DIGTCERT DIGTCRIT DIGTNMAP DIGTRING DIMS DIRACC DIRAUTH DIRECTRY DIRSRCH DLFCLASS DSNADM DSNR ECICSDCT EJBROLE FACILITY FCICSFCT FIELD FILE FIMS FSOBJ FSSEC G$CMBSTR G$CPBSTR G$CTBSTR G$CTCHTR GCCMSP0 GCCMST0 GCICSTRN GCPSMOBJ GCSFKEYS GDASDVOL GDSNBP GDSNCL GDSNDB GDSNJR GDSNPK GDSNPN GDSNSC GDSNSG GDSNSM GDSNSP GDSNSQ GDSNTB GDSNTS GDSNUF GDSNUT GEJBROLE GIMS GINFOMAN GLOBAL GMBR GMQADMIN GMQCHAN GMQNLIST GMQPROC GMQQUEUE GSDSF GSOMDOBJ GTERMINL GXCSFKEY GXFACILI HCICSFCT HIMS IBMOPC IIMS ILMADMIN IMFCMD INFOMAN IPCOBJ JAVA JCICSJCT JESDEVIC JESINPUT JESJOBS JESSPOOL JIMS JO@NAME JOBACCES JOBCLASS KCICSJCT KERBLINK KEYSMSTR LDAPBIND LFSCLASS LIMS LOGSTRM MCICSPPT MDSNBP MDSNCL MDSNDB MDSNJR MDSNPK MDSNPN MDSNSC MDSNSG MDSNSM MDSNSP MDSNSQ MDSNTB MDSNTS MDSNUF MDSNUT MENUAPPL MGMTCLAS MIMS MQADMIN MQCHAN MQCMDS MQCONN MQNLIST MQPROC MQQUEUE NCICSPPT NDSLINK NETCMDS NETSPAN NODES NODMBR NOTELINK NVASAPDT OIMS OPERCMDS PA@EL PCICSPSB PERFGRP PIMS PMBR PRINTSRV PROCACT PROCESS PROGRAM PROPCNTL PSFMPL PSISEC PTKTDATA PTKTVAL QCICSPSB QIMS RACFEVNT RACFVARS RACGLIST RAUDITX RCICSRES REALM RMTOPS RODMMGR ROLE RRSFDATA RVARSMBR SCICSTST SDBUPDTE SDSF SERVAUTH SERVER SFSCMD SIMS SMESSAGE SOMDOBJS STARTED STORCLAS SU@MIT SUBSYSNM SUNRISE SURROGAT SYSMVIEW T$CMBSTR T$CPBSTR T$CTBSTR T$CTCHTR TAPEVOL TCCMSP0 TCCMST0 TCICSTRN TEMPDSN TERMINAL TIMS TMEADMIN TSOAUTH TSOPROC UCICSTST UIMS UNIXMAP UNIXPRIV VALIDLID VCICSCMD VTAMAPPL VXP$ VXT$ WAMJ WAMK WCICSRES WIMS WRITER XCSFKEY XFACILIT ACTIVE CLASSES = DATASET USER GROUP $ENDEVOR $NETVCMD $NETVIEW $SECURED $SYSVIEW $VPS ACCTNUM ACICSPCT AIMS AIPR APLICATN APPCLU APPCPORT APPCSI APPL BCICSPCT CA@APE CA@MD CA@NTSYM CCICSCMD CDT CHA1VIEW CIMS COMMANDS CONSOLE CSFKEYS CSFSERV CXP$ CXT$ DASDVOL DATAMGR DCICSDCT DEVICES DIGTCERT DIGTRING DIMS DLFCLASS DSNR ECICSDCT FACILITY FCICSFCT FIELD FIMS FSSEC G$CMBSTR G$CPBSTR G$CTBSTR G$CTCHTR GCCMSP0 GCCMST0 GCICSTRN GCSFKEYS GDASDVOL GIMS GINFOMAN GLOBAL GMBR GMQADMIN GMQNLIST GMQPROC GMQQUEUE GSDSF GTERMINL GXCSFKEY GXFACILI HCICSFCT HIMS IBMOPC IMFCMD INFOMAN JCICSJCT JESDEVIC JESINPUT JESSPOOL JO@NAME JOBACCES JOBCLASS KCICSJCT LOGSTRM MCICSPPT MENUAPPL MGMTCLAS MQADMIN MQCMDS MQCONN MQNLIST MQPROC MQQUEUE NCICSPPT NODES NODMBR NVASAPDT OIMS OPERCMDS PA@EL PCICSPSB PERFGRP PIMS PMBR PROGRAM PROPCNTL PSISEC PTKTDATA PTKTVAL QCICSPSB QIMS RACFVARS RCICSRES RMTOPS RODMMGR RVARSMBR SCICSTST SDBUPDTE SDSF SERVAUTH SIMS SMESSAGE STARTED STORCLAS SU@MIT SUNRISE SURROGAT T$CMBSTR T$CPBSTR T$CTBSTR T$CTCHTR TCCMSP0 TCCMST0 TCICSTRN TERMINAL TIMS TSOAUTH TSOPROC UCICSTST UIMS UNIXMAP UNIXPRIV VALIDLID VCICSCMD VTAMAPPL VXP$ VXT$ WAMJ WAMK WCICSRES WIMS WRITER XCSFKEY XFACILIT GENERIC PROFILE CLASSES = DATASET $ENDEVOR $NETVCMD $NETVIEW $SECURED $SYSVIEW $VPS ACCTNUM ACICSPCT AIMS AIPR ALCSAUTH APLICATN APPCLU APPCPORT APPCSERV APPCSI APPCTP APPL CA@APE CA@MD CA@NTSYM CACHECLS CBIND CCICSCMD CHA1VIEW CIMS COMMANDS CONSOLE CPSMOBJ CPSMXMP CSFKEYS CSFSERV CXP$ CXT$ DASDVOL DATAMGR DBNFORM DCEUUIDS DCICSDCT DEVICES DIGTCERT DIGTCRIT DIGTNMAP DIGTRING DIRACC DIRAUTH DIRECTRY DIRSRCH DLFCLASS DSNADM DSNR EJBROLE FACILITY FCICSFCT FIELD FILE FIMS FSOBJ FSSEC GMBR IBMOPC ILMADMIN IMFCMD INFOMAN IPCOBJ JAVA JCICSJCT JESDEVIC JESINPUT JESJOBS JESSPOOL JO@NAME JOBACCES JOBCLASS KEYSMSTR LFSCLASS LOGSTRM MCICSPPT MDSNBP MDSNCL MDSNDB MDSNJR MDSNPK MDSNPN MDSNSC MDSNSG MDSNSM MDSNSP MDSNTB MDSNTS MDSNUF MDSNUT MENUAPPL MGMTCLAS MQADMIN MQCHAN MQCMDS MQCONN MQNLIST MQPROC MQQUEUE NDSLINK NETCMDS NETSPAN NODES NODMBR NOTELINK NVASAPDT OIMS OPERCMDS PA@EL PCICSPSB PERFGRP PIMS PMBR PROCACT PROCESS PROPCNTL PSFMPL PSISEC PTKTDATA PTKTVAL RACFVARS RACGLIST RCICSRES RMTOPS RODMMGR ROLE RRSFDATA RVARSMBR SCDMBR SCICSTST SDBUPDTE SDSF SERVAUTH SERVER SFSCMD SIMS SMESSAGE SOMDOBJS STARTED STORCLAS SU@MIT SUBSYSNM SUNRISE SURROGAT SYSMVIEW T$CMBSTR T$CPBSTR T$CTBSTR T$CTCHTR TAPEVOL TCCMSP0 TCCMST0 TCICSTRN TEMPDSN TERMINAL TIMS TMEADMIN TSOAUTH TSOPROC UNIXMAP UNIXPRIV VALIDLID VTAMAPPL VXMBR WAMJ WAMK WRITER XCSFKEY XFACILIT GENERIC COMMAND CLASSES = DATASET $DB2ARMS $ENDEVOR $NETVCMD $NETVIEW $SECURED $SYSVIEW $VPS ACCTNUM ACICSPCT AIMS AIPR ALCSAUTH APLICATN APPCLU APPCPORT APPCSERV APPCSI APPCTP APPL CA@APE CA@MD CA@NTSYM CACHECLS CBIND CCICSCMD CHA1VIEW CIMS COMMANDS CONSOLE CPSMOBJ CPSMXMP CRYPTOZ CSFKEYS CSFSERV CXP$ CXT$ DASDVOL DATAMGR DBNFORM DCEUUIDS DCICSDCT DEVICES DIGTCERT DIGTCRIT DIGTNMAP DIGTRING DIRACC DIRAUTH DIRECTRY DIRSRCH DLFCLASS DSNADM DSNR EJBROLE FACILITY FCICSFCT FIELD FILE FIMS FSOBJ FSSEC GMBR IBMOPC IIMS ILMADMIN IMFCMD INFOMAN IPCOBJ JAVA JCICSJCT JESDEVIC JESINPUT JESJOBS JESSPOOL JO@NAME JOBACCES JOBCLASS KEYSMSTR LDAPBIND LFSCLASS LIMS LOGSTRM MCICSPPT MDSNBP MDSNCL MDSNDB MDSNJR MDSNPK MDSNPN MDSNSC MDSNSG MDSNSM MDSNSP MDSNSQ MDSNTB MDSNTS MDSNUF MDSNUT MENUAPPL MGMTCLAS MQADMIN MQCHAN MQCMDS MQCONN MQNLIST MQPROC MQQUEUE MXADMIN MXNLIST MXPROC MXQUEUE MXTOPIC NDSLINK NETCMDS NETSPAN NODES NODMBR NOTELINK NVASAPDT OIMS OPERCMDS PA@EL PCICSPSB PERFGRP PIMS PMBR PRINTSRV PROCACT PROCESS PROPCNTL PSFMPL PSISEC PTKTDATA PTKTVAL RACFEVNT RACFVARS RACGLIST RACHCMBR RAUDITX RCICSRES RDATALIB RIMS RMTOPS RODMMGR ROLE RRSFDATA RVARSMBR SCDMBR SCICSTST SDBUPDTE SDSF SERVAUTH SERVER SFSCMD SIMS SMESSAGE SOMDOBJS STARTED STORCLAS SU@MIT SUBSYSNM SUNRISE SURROGAT SYSMVIEW T$CMBSTR T$CPBSTR T$CTBSTR T$CTCHTR TAPEVOL TCCMSP0 TCCMST0 TCICSTRN TEMPDSN TERMINAL TIMS TMEADMIN TSOAUTH TSOPROC UNIXMAP UNIXPRIV VALIDLID VMBATCH VMBR VMCMD VMLAN VMMAC VMMDISK VMNODE VMPOSIX VMRDR VMSEGMT VTAMAPPL VXMBR WAMJ WAMK WRITER XCSFKEY XFACILIT GENLIST CLASSES = NONE GLOBAL CHECKING CLASSES = DATASET $SECURED ACCTNUM ACICSPCT AIMS AIPR APLICATN APPCLU APPCPORT APPCSI APPCTP APPL CCICSCMD CDT CIMS COMMANDS CONSOLE CSFKEYS CSFSERV DASDVOL DCICSDCT DEVICES DIRAUTH DLFCLASS DSNR FACILITY FCICSFCT FIELD FIMS GMBR IMFCMD INFOMAN JCICSJCT JESDEVIC JESINPUT JESJOBS JESSPOOL JOBACCES JOBCLASS MCICSPPT MENUAPPL MGMTCLAS MQADMIN MQCMDS MQCONN MQNLIST MQPROC MQQUEUE NODES NODMBR NVASAPDT OIMS OPERCMDS PCICSPSB PERFGRP PIMS PMBR PROPCNTL PSFMPL PSISEC RCICSRES RMTOPS RVARSMBR SCDMBR SCICSTST SDBUPDTE SDSF SIMS SMESSAGE STORCLAS SURROGAT TAPEVOL TCICSTRN TEMPDSN TERMINAL TIMS TSOAUTH TSOPROC VALIDLID VTAMAPPL VXMBR WAMJ WAMK WRITER XCSFKEY XFACILIT SETR RACLIST CLASSES = $SYSVIEW ACCTNUM APPL CDT CONSOLE DIGTCERT DIGTRING FACILITY FIELD JESSPOOL LOGSTRM MENUAPPL NODES OPERCMDS PROPCNTL PSISEC PTKTDATA PTKTVAL RACFVARS SDSF SERVAUTH STARTED TSOAUTH TSOPROC UNIXPRIV WRITER XFACILIT GLOBAL=YES RACLIST ONLY = CCICSCMD CSFKEYS CSFSERV RCICSRES SURROGAT TCCMSP0 VTAMAPPL XCSFKEY LOGOPTIONS "ALWAYS" CLASSES = NONE LOGOPTIONS "NEVER" CLASSES = NONE LOGOPTIONS "SUCCESSES" CLASSES = NONE LOGOPTIONS "FAILURES" CLASSES = NONE LOGOPTIONS "DEFAULT" CLASSES = DATASET $DB2ARMS $ENDEVOR $NETVCMD $NETVIEW $SECURED $SYSVIEW $VPS ACCTNUM ACICSPCT AIMS AIPR ALCSAUTH APLICATN APPCLU APPCPORT APPCSERV APPCSI APPCTP APPL BCICSPCT CA@APE CA@MD CA@NTSYM CACHECLS CBIND CCICSCMD CDT CFIELD CHA1VIEW CIMS COMMANDS CONSOLE CPSMOBJ CPSMXMP CRYPTOZ CSFKEYS CSFSERV CXP$ CXT$ DASDVOL DATAMGR DBNFORM DCEUUIDS DCICSDCT DEVICES DIGTCERT DIGTCRIT DIGTNMAP DIGTRING DIMS DIRACC DIRAUTH DIRECTRY DIRSRCH DLFCLASS DSNADM DSNR ECICSDCT EJBROLE FACILITY FCICSFCT FIELD FILE FIMS FSOBJ FSSEC G$CMBSTR G$CPBSTR G$CTBSTR G$CTCHTR GCCMSP0 GCCMST0 GCICSTRN GCPSMOBJ GCSFKEYS GDASDVOL GDSNBP GDSNCL GDSNDB GDSNJR GDSNPK GDSNPN GDSNSC GDSNSG GDSNSM GDSNSP GDSNSQ GDSNTB GDSNTS GDSNUF GDSNUT GEJBROLE GIMS GINFOMAN GLOBAL GMBR GMQADMIN GMQCHAN GMQNLIST GMQPROC GMQQUEUE GMXADMIN GMXNLIST GMXPROC GMXQUEUE GMXTOPIC GSDSF GSOMDOBJ GTERMINL GXCSFKEY GXFACILI HCICSFCT HIMS IBMOPC IDIDMAP IIMS ILMADMIN IMFCMD INFOMAN IPCOBJ JAVA JCICSJCT JESDEVIC JESINPUT JESJOBS JESSPOOL JIMS JO@NAME JOBACCES JOBCLASS KCICSJCT KERBLINK KEYSMSTR LDAPBIND LFSCLASS LIMS LOGSTRM MCICSPPT MDSNBP MDSNCL MDSNDB MDSNJR MDSNPK MDSNPN MDSNSC MDSNSG MDSNSM MDSNSP MDSNSQ MDSNTB MDSNTS MDSNUF MDSNUT MENUAPPL MGMTCLAS MIMS MQADMIN MQCHAN MQCMDS MQCONN MQNLIST MQPROC MQQUEUE MXADMIN MXNLIST MXPROC MXQUEUE MXTOPIC NCICSPPT NDSLINK NETCMDS NETSPAN NODES NODMBR NOTELINK NVASAPDT OIMS OPERCMDS PA@EL PCICSPSB PERFGRP PIMS PMBR PRINTSRV PROCACT PROCESS PROGRAM PROPCNTL PSFMPL PSISEC PTKTDATA PTKTVAL QCICSPSB QIMS RACFEVNT RACFHC RACFVARS RACGLIST RACHCMBR RAUDITX RCICSRES RDATALIB REALM RIMS RMTOPS RODMMGR ROLE RRSFDATA RVARSMBR SCDMBR SCICSTST SDBUPDTE SDSF SECDATA SECLABEL SECLMBR SERVAUTH SERVER SFSCMD SIMS SMESSAGE SOMDOBJS STARTED STORCLAS SU@MIT SUBSYSNM SUNRISE SURROGAT SYSMVIEW T$CMBSTR T$CPBSTR T$CTBSTR T$CTCHTR TAPEVOL TCCMSP0 TCCMST0 TCICSTRN TEMPDSN TERMINAL TIMS TMEADMIN TSOAUTH TSOPROC UCICSTST UIMS UNIXMAP UNIXPRIV VALIDLID VCICSCMD VMBATCH VMBR VMCMD VMEVENT VMLAN VMMAC VMMDISK VMNODE VMPOSIX VMRDR VMSEGMT VMXEVENT VTAMAPPL VXMBR VXP$ VXT$ WAMJ WAMK WCICSRES WIMS WRITER XCSFKEY XFACILIT AUTOMATIC DATASET PROTECTION IS NOT IN EFFECT ENHANCED GENERIC NAMING IS IN EFFECT REAL DATA SET NAMES OPTION IS ACTIVE JES-BATCHALLRACF OPTION IS ACTIVE JES-XBMALLRACF OPTION IS ACTIVE JES-EARLYVERIFY OPTION IS ACTIVE PROTECT-ALL IS ACTIVE, CURRENT OPTIONS: PROTECT-ALL FAIL OPTION IS IN EFFECT TAPE DATA SET PROTECTION IS ACTIVE SECURITY RETENTION PERIOD IN EFFECT IS 9999 DAYS. ERASE-ON-SCRATCH IS ACTIVE, CURRENT OPTIONS: ERASE-ON-SCRATCH BY SECURITY LEVEL IS INACTIVE SINGLE LEVEL NAME PREFIX IS SMPMCS LIST OF GROUPS ACCESS CHECKING IS ACTIVE. INACTIVE USERIDS ARE BEING AUTOMATICALLY REVOKED AFTER 30 DAYS. DATA SET MODELLING IS BEING DONE FOR GDGS. USER DATA SET MODELLING IS BEING DONE. GROUP DATA SET MODELLING IS BEING DONE. PASSWORD PROCESSING OPTIONS: PASSWORD CHANGE INTERVAL IS 30 DAYS. PASSWORD MINIMUM CHANGE INTERVAL IS 1 DAYS. MIXED CASE PASSWORD SUPPORT IS NOT IN EFFECT 12 GENERATIONS OF PREVIOUS PASSWORDS BEING MAINTAINED. AFTER 3 CONSECUTIVE UNSUCCESSFUL PASSWORD ATTEMPTS, A USERID WILL BE REVOKED. PASSWORD EXPIRATION WARNING LEVEL IS 10 DAYS. INSTALLATION PASSWORD SYNTAX RULES: RULE 1 LENGTH(8) LLLLLLLL LEGEND: A-ALPHA C-CONSONANT L-ALPHANUM N-NUMERIC V-VOWEL W-NOVOWEL *-ANYTHING c-MIXED CONSONANT m-MIXED NUMERIC v-MIXED VOWEL $-NATIONAL INSTALLATION DEFINED RVARY PASSWORD IS IN EFFECT FOR THE SWITCH FUNCTION. INSTALLATION DEFINED RVARY PASSWORD IS IN EFFECT FOR THE STATUS FUNCTION. SECLEVELAUDIT IS INACTIVE SECLABEL AUDIT IS NOT IN EFFECT SECLABEL CONTROL IS NOT IN EFFECT GENERIC OWNER ONLY IS IN EFFECT COMPATIBILITY MODE IS NOT IN EFFECT MULTI-LEVEL QUIET IS NOT IN EFFECT MULTI-LEVEL STABLE IS NOT IN EFFECT NO WRITE-DOWN IS NOT IN EFFECT MULTI-LEVEL ACTIVE IS NOT IN EFFECT CATALOGUED DATA SETS ONLY, IS NOT IN EFFECT USER-ID FOR JES NJEUSERID IS : ???????? USER-ID FOR JES UNDEFINEDUSER IS : ++++++++ PARTNER LU-VERIFICATION SESSIONKEY INTERVAL MAXIMUM/DEFAULT IS 30 DAYS. APPLAUDIT IS NOT IN EFFECT ADDCREATOR IS NOT IN EFFECT KERBLVL = 0 MULTI-LEVEL FILE SYSTEM IS NOT IN EFFECT MULTI-LEVEL INTERPROCESS COMMUNICATIONS IS NOT IN EFFECT MULTI-LEVEL NAME HIDING IS NOT IN EFFECT SECURITY LABEL BY SYSTEM IS NOT IN EFFECT PRIMARY LANGUAGE DEFAULT : ENU SECONDARY LANGUAGE DEFAULT : ENU READY END -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Chase, John Sent: Friday, January 06, 2012 7:48 AM To: IBM-MAIN@bama.ua.edu Subject: Re: ACF2/RACF User Appliation Logical Access > -----Original Message----- > From: IBM Mainframe Discussion List On Behalf Of Henke, George > > Does anyone know how ACF2 validates a users access to specific applications? > > Recently we tried to migrate from ACF2 to RACF and were forced to fallback because ACF2 was somehow > *wildcarding* a user's access to applications whereas RACF was iterating through a list of > applications. ??? Did you have the APPL class RACLISTed? If you want to "wildcard" user access to applications in RACF, first ensure you have generics enabled for the APPL class (SETR GENERIC(APPL) GENCMD(APPL) ), then define an APPL profile of ** with UACC(READ) and delete the rest of the APPL profiles; then RACLIST REFRESH the APPL class. If you later want to limit access to some applications, simply define more specific profiles for them with UACC(NONE) and an appropriate access list. > The resulting overhead across 1000's of users exhausted memory leaving no room for LSQA and producing > 878 abends. I think you had something mis-configured. -jc- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN