When running the ACFRPTXR report, what do "NC" and "U" next to LOGONID names indicate?

Document ID : KB000025880
Last Modified Date : 14/02/2018
Show Technical Document Details


ACFRPTXR - The Cross-Reference Report reports which users have access to a specified data set or resource, based on standard CA-ACF2 security controls. For each data set or resource specified, ACFRPTXR finds the associated rules and displays the LOGONIDs whose UID strings match the UID parameters in the rule.



The ACFRPTXR-The Cross-Reference Report output displays the (rc) next to LOGONIDs listed in the report specifying why CA-ACF2 permits this LOGONID to have access to this data set or resource.

If a code does not appear on the report, the user has access because the rule allows access.
Possible codes are:

  • O-Owner ("owned data set" PREFIX matches or $LIDOWNER or $UIDOWNER control statement of eTrust CA-ACF2 for DB2 rules match).
  • NC-Non-Cancelable (NON-CNCL attribute).
  • RA-Read-Only Logonid (READALL attribute). This reason code applies only to data set access rules.
  • SC-Scoped Security Officer (SECURITY attribute and matching SCPLIST value).
  • SE-Unrestricted Security Officer (SECURITY attribute and no SCPLIST value).
  • U-UID match (user's UID matches rule UID parameter). This is not listed if it is the only condition met.

Details can be found in "Chapter 20: ACFRPTXR-The Cross-Reference Report" in the CA-ACF2 Security for z/OS Report and Utilities Guide.