Is there a CA ACF2 attribute similar to ROAUDIT in RACF?

Document ID : KB000014628
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

The ROAUDIT attribute 


A user who has the ROAUDIT attribute has the authority to list auditing information using the LISTDSD, RLIST, LISTUSER, LISTGRP, SETROPTS LIST, and SEARCH commands, as well as the IRRUT100 utility.

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2r2.icha700/icha700_The_ROAUDIT_attribute.htm

 

Question:

Is there a CA ACF2 attribute similar to ROAUDIT in RACF?

Answer:

AUDIT

A user with the AUDIT privilege defined in their logonid record can display logonid records, access and resource rules, and infostorage records. A logonid with this privilege is known as an auditor. An auditor can issue the ACF SHOW subcommands that display CA ACF2 system control options, but an auditor cannot modify any of these components of the CA ACF2 system. An auditor cannot update or delete logonid records or access any resources other than those authorized through rules, although a site can authorize auditors to update certain logonid record fields. The AUDIT privilege also gives users search and read access to directories in HFS.

Additional Information:

For more information on AUDIT and other CA ACF2 attributes, please review the CA ACF2 documentation.

https://docops.ca.com/ca-acf2-for-z-os/16-0/en/administrating/administer-records/logonid-records/logonid-privileges-and-authorities