z/OS MVS Planning: APPC/MVS Management


Prohibiting Security_None Allocate Requests

SA23-1388-00

Protecting an LU by prohibiting security_none Allocate requests consists of these steps:

  1. Defining the LU profile in a RACF® APPL class (RDEFINE command)
    As in Step 1 under Granting Access to Only Specific Users or Groups, use this RDEFINE command for LU02:
    RDEFINE APPL LU02 UACC(NONE)
    Specifying RDEFINE with UACC(NONE) prohibits anyone from accessing that LU.
  2. Allowing access to the LU (PERMIT command)
    Again, as in Step 2 under Granting Access to Only Specific Users or Groups, use a PERMIT command for LU02 with one key difference: the value specified for ID.
    PERMIT LU02 CLASS(APPL) ID(*) ACCESS(READ)

    Specifying ID(*) allows only Allocate requests with a security_type of security_pgm or security_same to be accepted for this LU.

  3. Activating the changes to an APPL class profile (SETROPTS command)
    As in Step 3 under Granting Access to Only Specific Users or Groups, the security administrator should activate the APPL class and activate SETROPTS RACLIST processing for the class by issuing:
    SETROPTS CLASSACT(APPL) RACLIST(APPL)
    Any time an APPL profile is changed, SETROPTS RACLIST processing for the APPL class must be refreshed for the change to take effect:
    SETROPTS RACLIST(APPL) REFRESH

After you issue RDEFINE, PERMIT, and SETROPTS as illustrated, APPC/MVS rejects all inbound requests for that LU that have a security type of security_none because those requests are not associated with a user ID.
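
The effect of the three steps can be traced with a small model. This is an added example, not IBM code or part of the original topic: the ApplClass class, the demo function and the user ID USERA are hypothetical. It assumes that every user ID shown is RACF-defined and that a request without a user ID can receive only the profile's UACC; group entries and access levels above READ are left out.

```python
# Added illustration: a simplified model, not RACF or APPC/MVS code.
import copy

class ApplClass:
    """Toy stand-in for the APPL class under SETROPTS RACLIST processing."""
    def __init__(self):
        self.database = {}    # profiles as changed by RDEFINE / PERMIT
        self.in_storage = {}  # copy the checks use, replaced on REFRESH

    def rdefine(self, lu, uacc="NONE"):
        self.database[lu] = {"uacc": uacc, "acl": {}}

    def permit(self, lu, user_id, access="READ"):
        self.database[lu]["acl"][user_id] = access

    def raclist_refresh(self):
        # Models SETROPTS RACLIST(APPL) REFRESH: changes take effect here.
        self.in_storage = copy.deepcopy(self.database)

    def accepts(self, lu, security_type, user_id=None):
        """Return True if the inbound Allocate request is accepted."""
        profile = self.in_storage[lu]
        if security_type == "security_none":
            user_id = None  # per the page: no user ID is associated
        acl = profile["acl"]
        if user_id is None:
            access = profile["uacc"]  # assumption: only UACC can apply
        elif user_id in acl:
            access = acl[user_id]
        else:
            # ID(*) covers every request that carries a user ID.
            access = acl.get("*", profile["uacc"])
        return access == "READ"  # only NONE and READ are modelled

def demo():
    """Walk the page's three steps for LU02; USERA is a constructed ID."""
    racf = ApplClass()
    racf.rdefine("LU02", uacc="NONE")
    racf.raclist_refresh()
    out = {"before_permit": racf.accepts("LU02", "security_pgm", "USERA")}
    racf.permit("LU02", "*", "READ")
    out["permit_no_refresh"] = racf.accepts("LU02", "security_pgm", "USERA")
    racf.raclist_refresh()
    for sec_type in ("security_pgm", "security_same", "security_none"):
        out[sec_type] = racf.accepts("LU02", sec_type, "USERA")
    return out

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} {'accepted' if accepted else 'rejected'}")
```

The permit_no_refresh case is the one to watch for when reviewing a change: in the model, as in the procedure above, a PERMIT has no effect on inbound requests until the RACLIST refresh has been issued.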





Copyright IBM Corporation 1990, 2014