Is there an ACF2 equivalent/emulation to RACF RESTRICTED attribute?

Document ID : KB000113654
Last Modified Date : 12/09/2018
Question:
Is there an ACF2 equivalent/emulation to RACF RESTRICTED attribute?
Answer:
There is no ACF2 equivalent of 'RESTRICTED ACCESS' for z/OS datasets and resources (since z/OS datasets and resources are protected by default); however, there is one for UNIX files and directories when using native UNIX security. Sites can use either CA ACF2 SAF HFS security or native UNIX security (file permission bit settings). The default is native UNIX security.

ACF2 will set ACEERAUI in ACEEFLG6 in the ACEE to restrict a user's access to UNIX files and directories when a site is using native UNIX security. 

The ACF2 logonid RSTDACC|NORSTDACC field controls whether a user has restricted access to UNIX directories and files. With restricted access, access is based on owner or group permissions, not on other permissions, when the user does not have at least read access to the UNIXPRIV resource RESTRICTED.FILESYS.ACCESS.
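
The following added example (not part of the original document and not CA ACF2 code) models the decision described above, so a site can see which files a logonid would stop reading once RSTDACC is set. It is a simplified model of native UNIX permission-bit checking that assumes no ACLs, no superuser and no SAF HFS security; the class names, function names and sample data are hypothetical.

```python
import stat
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset
    rstdacc: bool = False        # logonid RSTDACC (True) or NORSTDACC (False)
    unixpriv_read: bool = False  # READ to UNIXPRIV RESTRICTED.FILESYS.ACCESS

@dataclass(frozen=True)
class FileEntry:
    path: str
    uid: int
    gid: int
    mode: int

def may_read(user, f):
    """Simplified permission-bit check (assumption: no ACLs, no superuser)."""
    if user.uid == f.uid:
        return bool(f.mode & stat.S_IRUSR)
    if f.gid in user.gids:
        return bool(f.mode & stat.S_IRGRP)
    # Neither owner nor group matched: only the "other" bits are left.
    if user.rstdacc and not user.unixpriv_read:
        return False  # restricted user: "other" permissions are not used
    return bool(f.mode & stat.S_IROTH)

def lost_by_rstdacc(user, files):
    """Paths the user reads as NORSTDACC but would lose once RSTDACC is set."""
    before = replace(user, rstdacc=False)
    after = replace(user, rstdacc=True)
    return [f.path for f in files if may_read(before, f) and not may_read(after, f)]

# Constructed sample data, not taken from any real system.
SAMPLE_FILES = [
    FileEntry("/u/shared/readme.txt", 100, 50, 0o644),  # world-readable
    FileEntry("/u/proj/plan.txt", 100, 60, 0o640),      # group-readable
    FileEntry("/u/batch1/notes.txt", 200, 50, 0o600),   # owned by the user
    FileEntry("/u/admin/keys.txt", 100, 50, 0o600),     # never readable
]
BATCH1 = User(uid=200, gids=frozenset({60}))

if __name__ == "__main__":
    print(lost_by_rstdacc(BATCH1, SAMPLE_FILES))
    print(lost_by_rstdacc(replace(BATCH1, unixpriv_read=True), SAMPLE_FILES))
```

Only the file reached through the other permission bits is affected; access through owner or group bits is unchanged, and READ access to RESTRICTED.FILESYS.ACCESS restores the other-bit access.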

To assign the RSTDACC privilege to a user's logonid, the following commands can be used from TSO, ACF:

SET LID
CHANGE logonid RSTDACC

For additional information, see the ACF2 documentation section 'Restricted Access to UNIX File System Resources'.