Lucymarie, RACF questions are always best asked on the RACF-L. That is the forum for RACF related questions.
Now to your specific question... Auditor (system level or group level) gives the user the ability to list any RACF base segment within scope. What it does not do is give the ability to view segments (OMVS, TSO, CICS, etc...) outside the base. To give your auditor the ability to list the content of the TSO segment, you would need to define FIELD USER.TSO.*, and permit them to the resource with READ. Sample commands (assumes you've never used FIELD): SETROPTS GENERIC(FIELD) GENCMD(FIELD) RDEF FIELD USER.TSO.* UACC(NONE) OWNER( specify an owner here ) /* let users see their own TSO segment */ PE USER.TSO.* ID(&RACUID) ACCESS(READ) /* let group "AUDITORS" view all users TSO segments */ PE USER.TSO.* ID(AUDITORS) ACCESS(READ) SETROPTS CLASSACT(FIELD) RACLIST(FIELD) Hayim _____________________________________ Hayim Sokolsky, CISSP Mainframe Security Architect DTCC Corporate Information Security 18301 Bermuda Green Dr, MS 1-CIS Tampa FL 33647-1760 Tel. (813) 470-2177 Lucymarie Ruth <lucymarie.r...@safeway.com> Sent by: IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> 2009.07.06 21:41 Please respond to IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> To IBM-MAIN@bama.ua.edu cc Subject RACF AUDITOR authority and OMVS segment Hi. The "z/OS V1R10.0 RACF Security Server RACF Administrator's Guide" says that "The user who has the AUDITOR attribute can list all of the profile information that is available to the SPECIAL user, as well as information that is available to auditors." In table 40 in the same manual, it says that a userid with AUDITOR authority can also specify all operands of the RACF LISTUSER command. However, one of our user's with AUDITOR authority received a message that she did not authority to view an OMVS segment when issueing this: LU user-id NORACF OMVS Is this a bug, a feature, or just an anomaly that needs to be explained? Anyone else noticed this? Lucymarie Ruth, Safeway, Inc. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ________________________________________________________ DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html