Defining LU-to-LU Access Authority for a Specific LU

To define LU-to-LU access authority for a specific LU and one or more of its partners, use the RDEFINE command for the APPCLU class. The syntax for RDEFINE depends on whether the LU is enabled to support network-qualified names (that is, whether the NQN parameter is specified on the LUADD statement in parmlib member APPCPMxx):

• If the LU is enabled to support network-qualified names (NQN is specified on the LUADD statement), the RDEFINE syntax is:

  RDEFINE APPCLU lnetwork-id.local-lu-name.pnetwork-id.partner-lu-name
          UACC(NONE)

  If you are enabling an existing LU to use network-qualified names, you must complete these APPCLU definitions before issuing the SET command for the parmlib member that contains the LUADD statement with the NQN parameter. See Using Network-Qualified Names Support for a list of the steps required to enable network-qualified names support.

• If the LU is not enabled to support network-qualified names (NONQN is specified on, or used as the default for, the LUADD statement), the RDEFINE syntax is:

  RDEFINE APPCLU lnetwork-id.local-lu-name.partner-lu-name
          UACC(NONE)

In the RDEFINE syntax, variables are defined as follows:

lnetwork-id or pnetwork-id

Is the network ID for the network on which the local LU or partner LU resides. This value is 1 through 8 characters, and matches the value coded for the VTAM® start option NETID. RACF® requires this value to be in discrete form (that is, the value cannot contain any wildcard characters).

local-lu-name

Is the network name of the local LU. This value is 1 through 8 characters, and matches the application name coded on the APPL statement. RACF requires this value to be in discrete form (that is, the value cannot contain any wildcard characters).

partner-lu-name

Is the network name of the partner LU; that is, the 1- through 8-byte network-LU-name portion of their network-qualified names. RACF accepts this value in generic form (that is, the value can contain wildcard characters).

On the partner LU's system, you need a corresponding definition of the two LUs. If RACF is installed on the partner system, define a corresponding APPCLU profile there, with the proper network id and with the LU names in reverse order. For example, if LU01 and LU02 are both enabled for network-qualified names, and reside on network USIBMZ0, you would need to specify the following commands on the LUs' respective systems:

RDEFINE APPCLU USIBMZ0.LU01.USIBMZ0.LU02 UACC(NONE)

RDEFINE APPCLU USIBMZ0.LU02.USIBMZ0.LU01 UACC(NONE)

If LU01 were on network USIBMZ0, and LU02 were on network USIBMZ3, you would specify, on their respective systems:

RDEFINE APPCLU USIBMZ0.LU01.USIBMZ3.LU02 UACC(NONE)

RDEFINE APPCLU USIBMZ3.LU02.USIBMZ0.LU01 UACC(NONE)

If LU01 and LU02 are not enabled for network-qualified names, and reside on network USIBMZ0, you would need to specify the following commands on the LUs' respective systems:

RDEFINE APPCLU USIBMZ0.LU01.LU02 UACC(NONE)

RDEFINE APPCLU USIBMZ0.LU02.LU01 UACC(NONE)