z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Example of setting up program control by system ID

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Suppose your installation has two systems in a sysplex and you want to let user Allen run program MYPROG from SYS1 but not from SYS2. You would use these commands.
1. SETROPTS WHEN(PROGRAM)
      /* activates program control                                */

2. ADDSD 'SYS1.LINKLIB' UACC(EXECUTE)
      /* prevents users from copying programs                     */

3. RDEFINE PROGRAM MYPROG ADDMEM('SYS1.LINKLIB'/123456/NOPADCHK) UACC(NONE)
      /* makes MYPROG a controlled program. MYPROG must           */
      /* be a member of 'SYS1.LINKLIB' on volume 123456           */

4. PERMIT MYPROG CLASS(PROGRAM) ID(ALLEN) ACCESS(READ) WHEN(SYSID(SYS1))
      /* user ALLEN can only run the program from system SYS1     */

5. SETROPTS WHEN(PROGRAM) REFRESH
      /* puts the new PROGRAM profile into storage                */
Parent topic: Examples of controlling programs and using PADS

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014