The Ping command is used to verify the network path to a given destination. It sends ICMP Echo Request datagrams to the destination and listens for ICMP Echo Reply responses. Normal Network Access Control limits a user's ability to send and receive these datagrams. On a restricted stack, all users are limited to sending and receiving datagrams to destinations in network security zones with security labels equivalent to the stack. On an unrestricted stack, users are limited to destinations equivalent to their own security label. Users with a SYSMULTI security label on an unrestricted stack are limited to those security zones with which they are authorized to communicate.
You can permit SYSMULTI users to use the Ping command for IP addresses in security zones with security labels that are not equivalent to that stack by using the RACF® PERMIT command to give them UPDATE access to the STACKACCESS profile for that stack. You can configure this permission so that it is in effect only for specific programs invoked by the users. For example, to permit users to invoke the Ping command, specify the WHEN(PROGRAM(OPING,PING)) parameter on the PERMIT command.