z/OS TSO/E Customization
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Activating APPL verification

z/OS TSO/E Customization
SA32-0976-00

By default, TSO/E users can log on to any system in a sysplex with a shared RACF® database. To limit user's access to specific systems, follow these steps:
  1. Activate the APPL class in RACF and define profiles for each of your systems or groups of systems.
  2. Change the VERIFYAPPL parameter on the LOGON statement in the SYS1.PARMLIB member IKJTSOxx from the default of VERIFYAPPL(OFF) to VERIFYAPPL(ON).
  3. Use the MVS™ SET IKJTSO=xx or TSO/E PARMLIB UPDATE(xx) command to update the system settings.
This tells TSO/E logon processing to pass an APPL to the RACROUTE VERIFY request for user authorization. For more information about the VERIFYAPPL parameter, see .

TSO/E determines the APPL using the following method. To use this support, these profiles must be defined in RACF.

  • If VTAM® generic resources are used for TSO/E, define the application name using the TCASGNAM defined in the TSOKEYxx, SYS1.PARMLIB member.
  • If VTAM generic resources are not used, define the application name using the format TSOxxxx, where xxxx is the SID (or SMF system ID) defined in the SMFPRMxx member of SYS1.PARMLIB. For example, if the SID is 3390, type TSO3390 in the profile. For more information, see .
Parent topic: Customizing the logon and logoff process

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014