Required Permissions
The service account configured for SailPoint in the RACF source must have the SPECIAL attribute to provision all RACF entries. To limit the scope of the service account, the group-SPECIAL attribute can instead be set on the user’s connection to a group, as needed. Aggregations and SYNC (GET) operations are performed under the control of the CTSACS STC user.
Note
Protected users don't need Special or Auditor privileges for account or group aggregation. Protected users may be used only if ALLOW_ADMIN_WITHOUT_PSWD is set to Y in RSSPARM.
To add the SPECIAL attribute to the RACF user (administrator), use the following command:
ALU 'userid' SPECIAL
To add the group-SPECIAL attribute to the RACF user (administrator) for a specific group, use the following command:
CONNECT 'userid' GROUP(<group_name>) SPECIAL
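To confirm which of the two scopes above a service account actually holds, the following added example (not SailPoint's or IBM's code) parses text captured from the RACF LISTUSER command and reports system-wide SPECIAL separately from group-SPECIAL connections. The sample output is constructed and trimmed, and the user ID SPSVC and the groups SYS1 and HRGRP are hypothetical.

```python
import re

# Constructed, trimmed LISTUSER output; SPSVC, SYS1 and HRGRP are hypothetical names.
SAMPLE_LU = """\
USER=SPSVC  NAME=SAILPOINT SVC  OWNER=SECADM  CREATED=24.010
 DEFAULT-GROUP=SYS1  PASSDATE=24.010 PASS-INTERVAL= 30  PHRASEDATE=N/A
 ATTRIBUTES=NONE
 REVOKE DATE=NONE   RESUME DATE=NONE
  GROUP=SYS1  AUTH=USE  CONNECT-OWNER=SECADM  CONNECT-DATE=24.010
    CONNECTS=  03  UACC=NONE   LAST-CONNECT=24.032/09:15:02
    CONNECT ATTRIBUTES=NONE
    REVOKE DATE=NONE   RESUME DATE=NONE
  GROUP=HRGRP  AUTH=CONNECT  CONNECT-OWNER=SECADM  CONNECT-DATE=24.011
    CONNECTS=  01  UACC=NONE   LAST-CONNECT=24.032/09:15:02
    CONNECT ATTRIBUTES=SPECIAL
    REVOKE DATE=NONE   RESUME DATE=NONE
"""


def special_scope(lu_output):
    """Return (system_special, groups_with_group_special) from LISTUSER text."""
    system_special = False
    group_special = []
    current_group = None
    for line in lu_output.splitlines():
        text = line.strip()
        # "GROUP=" at the start of a line opens a connect-group section;
        # "DEFAULT-GROUP=" does not match because the pattern is anchored.
        m = re.match(r"GROUP=(\S+)", text)
        if m:
            current_group = m.group(1)
        elif text.startswith("CONNECT ATTRIBUTES="):
            # Group-level attributes apply only to the current connect group.
            if "SPECIAL" in text.split("=", 1)[1].split() and current_group:
                group_special.append(current_group)
        elif text.startswith("ATTRIBUTES="):
            # User-level attributes; may span several ATTRIBUTES= lines.
            if "SPECIAL" in text.split("=", 1)[1].split():
                system_special = True
    return system_special, group_special


if __name__ == "__main__":
    system_wide, groups = special_scope(SAMPLE_LU)
    print("system-wide SPECIAL:", system_wide)
    print("group-SPECIAL in:", ", ".join(groups) or "none")
```

A result of system-wide SPECIAL on an account that was meant to be limited to specific groups indicates the ALU command was used where only CONNECT was intended.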