If a dataset has a discrete profile defined and also falls under a generic dataset profile, which access rule is applied?
For e.g. there is a discrete dataset profile A.B.C with ALTER access defined for user A. There is also a generic dataset profile A.B.** with READ access defined for user B.
Will user B be able to read dataset A.B.C?
On
If a data set is protected by both a generic profile and a discrete profile, the discrete profile sets the level of protection for the data set. If a data set is protected by multiple generic profiles, the most specific generic profile sets the level of protection for the data set.
From Choosing between discrete and generic profiles. This publication is for 2.1 but I guess it will apply to 2.2 and 2.3 also.
In other words you can use a generic profile for A.B.* to restrict the access to the user and at the same time make a discrete profile to grant access for A.B.C.
Since there is a discrete dataset profile defined for
A.B.C, that profile will be used for access checks. If access is needed for B then B would also need to be permitted in some manner to the discrete dataset profile. This is from experimentation only, but the IBM documentation for the RACHECK marco hints at this behavior with its discussion of the GENERIC parameter.