Discussion:
Can I cause another user to refresh their ACEE?
Add Reply
Smith III, Phil , HPE Data Security Voltage
2017-07-28 01:17:58 UTC
Reply
Permalink
Raw Message
It's been a while, but I'm quite sure that at one installation at least I had authority to issue a command that "refreshed" a user's ACEE so that the changes I'd just made to his access would take place immediately without his having to log off and on again. I had the impression that it was an operator command; I'm pretty sure it was at an ACF2 installation, and that I had to issue from within ACF2, not at the ISPF command line.
TSS has a REFRESH command for that purpose, and it sometimes works for me. Other times it claims not to see anything for the indicated user; I haven't figured out the pattern yet.
I can't believe ACF2 and TSS invented this capability and it's somehow not available with RACF. But I'm not a systems programmer, so I don't know how it would work, and if a systems guy says it's impossible I can't contradict more knowledgeably than to assert that I definitely have had this capability in previous jobs.
If I had to guess—and that’s all I can do—some of this may well have to do with WHAT’S being changed. Some things likely live in the ACEE; some are likely hung off of it. One of those will be refreshed instantly, the other not until the user logs off and back on.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Steve Beaver
2017-07-28 02:15:47 UTC
Reply
Permalink
Raw Message
Acf2 has set norlues

Sent from my iPhone

Sorry for any grammar problems
Post by Smith III, Phil , HPE Data Security Voltage
It's been a while, but I'm quite sure that at one installation at least I had authority to issue a command that "refreshed" a user's ACEE so that the changes I'd just made to his access would take place immediately without his having to log off and on again. I had the impression that it was an operator command; I'm pretty sure it was at an ACF2 installation, and that I had to issue from within ACF2, not at the ISPF command line.
TSS has a REFRESH command for that purpose, and it sometimes works for me. Other times it claims not to see anything for the indicated user; I haven't figured out the pattern yet.
I can't believe ACF2 and TSS invented this capability and it's somehow not available with RACF. But I'm not a systems programmer, so I don't know how it would work, and if a systems guy says it's impossible I can't contradict more knowledgeably than to assert that I definitely have had this capability in previous jobs.
If I had to guess—and that’s all I can do—some of this may well have to do with WHAT’S being changed. Some things likely live in the ACEE; some are likely hung off of it. One of those will be refreshed instantly, the other not until the user logs off and back on.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Rob Scott
2017-07-28 11:54:25 UTC
Reply
Permalink
Raw Message
RACF maintains an in-storage cache of recently referenced profiles that is pointed to from the ACEE.

A possible way of achieving what you desire in RACF would be for the user to perform a number of "RACROUTE REQUEST=AUTH" for different profiles to "flush" the previous entries in the cache.

I know this technique used to work in the 1990s - I have not tested it recently.

Rob


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of Smith III, Phil (HPE Data Security (Voltage))
Sent: Friday, July 28, 2017 2:19 AM
To: IBM-***@LISTSERV.UA.EDU
Subject: Re: Can I cause another user to refresh their ACEE?
It's been a while, but I'm quite sure that at one installation at least I had authority to issue a command that "refreshed" a user's ACEE so that the changes I'd just made to his access would take place immediately without his having to log off and on again. I had the impression that it was an operator command; I'm pretty sure it was at an ACF2 installation, and that I had to issue from within ACF2, not at the ISPF command line.
TSS has a REFRESH command for that purpose, and it sometimes works for me. Other times it claims not to see anything for the indicated user; I haven't figured out the pattern yet.
I can't believe ACF2 and TSS invented this capability and it's somehow not available with RACF. But I'm not a systems programmer, so I don't know how it would work, and if a systems guy says it's impossible I can't contradict more knowledgeably than to assert that I definitely have had this capability in previous jobs.
If I had to guess—and that’s all I can do—some of this may well have to do with WHAT’S being changed. Some things likely live in the ACEE; some are likely hung off of it. One of those will be refreshed instantly, the other not until the user logs off and back on.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
================================
Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 877.328.2932
Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences
Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy
================================

This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Loading...