z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Protecting applications

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

For applications that specify the APPL operand on the RACROUTE REQUEST=VERIFY macro, you can use a profile in the APPL class to control which users can access the application.

To do this, perform the following steps:
  1. Determine the name of your application.
  2. Verify with your programmer that the name of the application is specified on the APPL operand of the RACROUTE REQUEST=VERIFY macro.
  3. Create a profile in the APPL class: 
    RDEFINE APPL applname UACC(NONE)
  4. Give users and groups READ access, as appropriate. 
    PERMIT applname CLASS(APPL) ID(userid or groupname) ACCESS(READ)
  5. If you have not already done so, activate the APPL class:
    SETROPTS CLASSACT(APPL)
  6. For performance reasons, request SETROPTS RACLIST or SETROPTS GENLIST processing for the APPL class.
    Note: This might be important if many users enter the system under control of your application (where your application issues the RACROUTE REQUEST=VERIFY macro for each user).

For information on how authorization checking takes place, see Authorizing access to RACF-protected applications.

For details about how CICS® uses APPL profiles to control access to CICS regions, visit CICS Transaction Server for z/OS Information Center..

Parent topic: Protecting general resources

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014