With RACF

Edit online

Modify your configuration as follows.

  1. Add the following entry to -RHILEV-.RLSPARM(KLVINNAM):

    CLASSES=dynaplst

    where dynaplst is a member in -RHILEV-.RLSPARM.

  2. Define dynaplst in -RHILEV-.RLSPARM to contain: 
    VGWAPLST  EXTERNAL=APPL
    Note: Use the IBM supplied resource class of APPL, as in the previous example or modify your site's resource class with the same definition.

Your RACF administrator must also make the following changes to RACF:

  1. Issue the RDEFINE command using APPL as the class. The resource names are applids and/or session IDs. For more information, see Session types. The session ID corresponds to the ENTITY parameter on the RACHECK (FRACHECK) macro.

    The following example gives universal access to the class APPL:

    READY

    RDEFINE APPL sessionid UACC(READ)

    Note: The sessionid value must be in uppercase.

    Issue the RDEFINE command for each application that is defined within CL/SuperSession.

    The following RACF commands illustrate how to set up more restricted access to an application.

    READY

    RDEFINE APPL sessionid UACC(NONE)

    PERMIT sessionid CLASS(APPL) ID(userid)

  2. Issue the following command:
    READY
SETROPTS CLASSACT(APPL)

If, at any time, definitions in RACF are modified, added, or deleted, they can be reflected immediately by issuing a NAM RACLIST command from the operator facility. For more information on the NAM RACLIST command, see the IBM CL/SuperSession Operator's Guide.

Note: Previous references to session ID can also include or be replaced by VTAM network name (APPLID). Refer to Using administrator functions.

Managing applications based on groups of users

You can use the RACF CONNECT command to manage applications based on user groups as follows:

  1. Define the ICHERCDE macro as described in the chapter about Network Access Manager in the IBM CL/SuperSession for z/OS V2.1 Customization Guide. This example uses a class named $SESSMAN.
  2. Define a group to RACF:

    Addgroup GROUP1 SUPGROUP(SUPGRPNM)

  3. Issue RACF PERMIT commands to permit the application to the group, rather than to the user:

    PErmit TSO CLASS($SESSMAN) ID(GROUP1) ACC(READ)

    PErmit HELPDESK CLASS($SESSMAN) ID(GROUP1) ACC(READ)

  4. Connect the user to the group: 
    CONNECT userid GROUP(GROUP1)
Note: Be sure to issue the following commands to get a new copy of resource list: 
SETROPTS RACLIST ($SESSMAN) REFRESH NAM RACLIST