Hi Don,
many thanks for your hints and details, and to bring my attention to TSSCFILE, which could be a valuable base for reports. Alas, not for my current need, but for other occations.
So, I'm dealing with "WHOHAS" realizing, that it's quite challenging, to get to know, which user has access to a particular privilege like for example DB2SYS(SYSADM). Because I have to take into account not only the users and profiles, which have permitted this privilege, but also indirect possibilities of access. For example, if a batch-acid has the privilege, also all other users and profiles, who are permitted to this acid, have access to the privilege; (a user might submit the job specifying the privileged userid in the jobcard). And there are even more subtile possibilities to have access to the privilege ... as already said: challenging to figure it out ... any additional considerations and hints are more than welcome ... :-)
The other way round, I can read between your lines: Top Secret does not provide that 'kind of recursive analysis' as described here out of the box.
Thanks again and kind regards,
Josef
PS: anyone interested in the rexx as a sample - just let me know ...