Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Choosing between the PADCHK and NOPADCHK operands z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
With the RDEFINE and RALTER commands for PROGRAM profiles, you can also specify PADCHK or NOPADCHK with the ADDMEM operand. Your choice affects how PADS operates, and which programs you must specify in the conditional access list for a data set when using PADS. During PADS processing, RACF® looks at the program that issued the OPEN for a data set and at other programs executing in the user's program environment. For example, in a TSO environment, when a user runs a program, such as PROG1, other programs will most likely be running concurrently (including such programs as ISPF and various parts of TSO/E). When RACF makes its decision to allow access through PADS, you must have one program in the conditional access list. This can either be the program that issued the OPEN or a higher program in the execution hierarchy (as mentioned before). Additionally, if the user has any other non-LPA programs active, and you defined those programs with PADCHK, you must include them in the conditional access list as well. RACF also checks the PADCHK/NOPADCHK status of a program when a user tries to run a new program. RACF checks if the user has any data sets already open using PADS. If so, and if you define the new program with PADCHK, RACF ensures that the program is included in the data set's conditional access list before allowing the user to run the program. PADCHK is the default when you define a PROGRAM to RACF or when you create a new ADDMEM entry for an existing PROGRAM profile. Guidelines:
|
Copyright IBM Corporation 1990, 2014
|