I was trying to find out why I had write access to a data set, when I was only expecting read access.
- What profiles are there?
- List a dataset profile (you can use rlist for other resources)
- List the profile for a data set name
Search gives part of the picture
You can search for profiles
SEARCH CLASS(DATASET) MASK(COLIN)
gave me
COLIN.ENCR.* (G)
COLIN.ENCR.** (G)
COLIN.ENCRCLEA.* (G)
COLIN.ENCRDH.* (G)
COLIN.ENCR2.* (G)
COLIN.ENCR3.* (G)
COLIN.MQ944.** (G)
The command (CLASS(DATASET) is the default, so can be omitted)
SEARCH MASK(COLIN,44)
gave me profiles starting with COLIN and containing 44
COLIN.MQ944.** (G)
List a profile: LISTDSD
tso listdsd dataset('COLIN.MQ944.**')
gave
INFORMATION FOR DATASET COLIN.MQ944.** (G)
LEVEL OWNER UNIVERSAL ACCESS WARNING ERASE
----- -------- ---------------- ------- -----
00 COLIN NONE NO NO
...
YOUR ACCESS CREATION GROUP DATASET TYPE
----------- -------------- ------------
ALTER SYS1 NON-VSAM
tso listdsd dataset('COLIN.MQ944.SOURCE')
gave
ICH35003I NO RACF DESCRIPTION FOUND FOR COLIN.MQ944.SOURCE
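Without GENERIC, LISTDSD looks only for a discrete profile with exactly that name. You need the generic option to find the generic profile that covers the data set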
tso listdsd dataset('COLIN.MQ944.SOURCE') generic
gave
INFORMATION FOR DATASET COLIN.MQ944.** (G)
LEVEL OWNER UNIVERSAL ACCESS WARNING ERASE
----- -------- ---------------- ------- -----
00 COLIN NONE NO NO
...
YOUR ACCESS CREATION GROUP DATASET TYPE
----------- -------------- ------------
ALTER SYS1 NON-VSAM
This says that if I were to use data set 'COLIN.MQ944.SOURCE', RACF would check profile COLIN.MQ944.**, and I would have ALTER access to it.
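To show why a generic profile covers a data set that has no profile of its own, here is an added example (not part of the original post, and not RACF's own code): a simplified Python model of generic profile matching, assuming enhanced generic naming (EGN) is active. The function names are hypothetical, and it only lists the candidate profiles; it does not model how RACF picks the most specific one when several match.

```python
import re

# Profiles returned by SEARCH CLASS(DATASET) MASK(COLIN) earlier on this page.
PROFILES = [
    "COLIN.ENCR.*", "COLIN.ENCR.**", "COLIN.ENCRCLEA.*", "COLIN.ENCRDH.*",
    "COLIN.ENCR2.*", "COLIN.ENCR3.*", "COLIN.MQ944.**",
]

def _qualifier_regex(qual):
    """Translate one profile qualifier (not '**') into a regex fragment."""
    if qual == "*":
        return "[^.]+"                  # exactly one whole qualifier
    out = []
    for i, ch in enumerate(qual):
        if ch == "%":
            out.append("[^.]")          # any single character
        elif ch == "*":
            if i != len(qual) - 1:
                raise ValueError("'*' is only modelled at the end of a qualifier")
            out.append("[^.]*")         # zero or more characters, same qualifier
        else:
            out.append(re.escape(ch))
    return "".join(out)

def profile_to_regex(profile):
    """Build an anchored regex for a generic DATASET profile (EGN rules assumed)."""
    quals = profile.upper().split(".")
    if any(c in quals[0] for c in "*%"):
        # Simplification: this sketch treats the high-level qualifier as literal.
        raise ValueError("generic high-level qualifier is not modelled")
    pattern = re.escape(quals[0])
    for qual in quals[1:]:
        if qual == "**":
            pattern += r"(?:\.[^.]+)*"  # zero or more whole qualifiers
        else:
            pattern += r"\." + _qualifier_regex(qual)
    return re.compile(pattern)

def covering_profiles(dsname, profiles=PROFILES):
    """Return every profile whose pattern matches the data set name."""
    name = dsname.upper()
    return [p for p in profiles if profile_to_regex(p).fullmatch(name)]

if __name__ == "__main__":
    for dsn in ("COLIN.MQ944.SOURCE", "COLIN.ENCR.KEYS", "COLIN.ENCR.A.B"):
        print(dsn, "->", covering_profiles(dsn))
```

Where this lists more than one candidate, LISTDSD with the GENERIC option shows the single profile RACF would actually use.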