How can you grant access to resource names greater than 8 characters?
When implementing zOSMF, encountering issues with the EJBROLE resource class.
One of the setup steps in RACF documentation is to add access to these role set to all z/OSMF users.
Users cannot access to resource entity
The Masking Character ASTERISK (*) stands for any 8 characters.
Use a Hyphen (-) instead of a asterisk (*)
From the CA Top Secret Security for z/OS r15.0 Users Guide:
Floating Pattern Masks
A floating pattern mask uses the hyphen (-) to represent a variable number
of characters (including no characters). Resource names containing hyphens
cannot be owned. They must match the ownership of resources defined by
other characters and masks.
Cannot be used in the same resource name with other masking characters
Can only be used in the interior of a resource name
Can only occur at position three or later
The following resource masks are invalid:
Reason why invalid
The hyphen cannot be used at the beginning or end of a resource name.
The hyphen cannot be used in combination with any other masking character.
The hyphen cannot be used before position three of a resource mask.
A floating character mask can represent resource names with multiple
qualifiers or indexes (cross-node resource names).
These examples show how the hyphen mask can be used to cross partial and complete nodes of resource
Resource Mask Matches Does Not Match
ACCT-VEND ACCTPAY.VENDOR ACC.VEND
PAYROLL.-.XMPT PAYROLL.@12W02.XMPT PAYROLL.XMPT
The explicit periods on either side of the mask in the second example
prevent the collapse of the hyphen into a null-string, and prevents the
inclusion of more than one initial qualifier