Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Giving Program Access to the APPC/MVS Administration Utility z/OS MVS Planning: APPC/MVS Management SA23-1388-00 |
|
To ensure that TP profiles and side information files are accessed
only through the APPC/MVS administration utility (ATBSDFMU), the system
security administrator may use the program access to data sets (PADS)
function of RACF® for the data
sets specified in the SYSSDLIB DD statement. For a PADS environment,
the administrator must define certain programs to the RACF PROGRAM class; those programs vary, depending
on the method used to invoke the utility:
For example, to give administrators in the ADMIN01 group access,
use the following commands:
If you encounter messages ATB369I or ICH408I after defining these programs, follow the procedure in z/OS Security Server RACF Diagnosis Guide for obtaining traces for PADS errors. This procedure helps identify additional programs that require definition to the RACF PROGRAM class. If the APPC/MVS administration dialog is used as the interface
to the utility, and PADCHK is specified in any of the members defined
in the PROGRAM class profile, then all programs that are loaded under
the TCB must be included in the conditional access list for all data
sets being opened. Additionally, ICQASLI0 must be in the conditional
access list of any data sets being opened. The following command
may be used:
Note: Program control must be active on the system for this access
control to take effect. For more information about controlling program
access to data sets, see z/OS Security Server RACF Security Administrator's Guide.
|
Copyright IBM Corporation 1990, 2014
|