You need more than 'irr.radmin.listuser', it's performing an extract not
listuser.
We use it in our product....

Scott

On Monday, June 20, 2016, Itschak Mugzach <[email protected]> wrote:

> Yes I did. Somehow, the "EXTRACT" permission was not covered by the generic
> profile. Maybe it is a non-generic check? Other users were able to use the
> service, but not the protected one.
>
> ITschak
>
>
> ITschak Mugzach
> Z/OS, ISV Products and Application Security & Risk Assessments Professional
>
> On Mon, Jun 20, 2016 at 3:29 PM, Roach, Dennis <[email protected]> wrote:
>
> > FACILITY is RACLISTd. Did you refresh?
> >
> > Dennis Roach, CISSP, PMP
> > AIG
> > IAM Access Administration – Consumer | Identity & Access Management
> >
> > 2929 Allen Parkway, America Building, 3rd Floor | Houston, TX 77019
> > Phone:  713-831-8799
> >
> > [email protected] | www.aig.com
> >
> > All opinions expressed by me are mine and may not agree with my employer
> > or any person, company, or thing, living or dead, on or near this or any
> > other planet, moon, asteroid, or other spatial object, natural or
> > manufactured, since the beginning of time.
> >
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Itschak Mugzach
> > Sent: Monday, June 20, 2016 1:44 PM
> > To: [email protected]
> > Subject: IRRXUTIL not authorized, but it is.
> >
> > Co-posted to ibm-main and racf-l (which is said to be sleepy lately ;-) I
> > have a REXX exec running a protected user with AUDITOR attribute that has
> > read access to IRR.RADMIN.LISTUSER. On call
> > x = IRRXUTIL("extract","user","muki","mystem","r_") I get 12 12 8 8 24,
> > which means the user is not authorized to the service. Am I missing
> > something?
> >
> > ITschak
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions, send email
> > to [email protected] with the message: INFO IBM-MAIN