You can call IRRSEQ00 (R_Admin) services within an assembler program to issue RACF commands like LISTDSD and RLIST and you don't need to be APFed for what you want to do. No audit records are cut and no messages to syslog for violations. The command results are sent back into a buffer that you need to parse to find the access level message. See http://tinyurl.com/29f4x9 for the manual, and if you wish, I can send you an assembler example on how to do this to get you started.
George Fogg PS: IBM states that command output is not a programming interface. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of David Eisenberg Sent: Saturday, February 23, 2008 6:29 PM To: [email protected] Subject: Re: Newbie RACROUTE question: how to *test* authorization? >For your own userid, you can use LISTDSD or RLIST to check resource authorization without cutting audit records.< That would be perfect... is LISTDSD something I can do from within an assembler program? Or is there an assembler macro equivalent? All I really need to do is, from within an assembler application, invoke some function that will tell me whether or not the current userid is authorized via a given RACF profile to *read* a resource. The userid will always be either the person who is logged onto TSO or is the submitter of a batch job. It will never be anyone else. I guess I should have said that up front... sorry... David ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
