Defining a security profile for binding to DVIPAs in the VIPARANGE statement

You can define a System Authorization Facility (SAF) resource profile in the SERVAUTH class to control access to dynamic VIPAs (DVIPAs) in a VIPARANGE statement in the following ways:

  • Control which applications can bind to create a DVIPA
  • Control whether an application can bind to create a DVIPA within a specific VIPARANGE subnet

Rule: If you use the BIND parameter on the PORT statement to create a DVIPA within a VIPARANGE subnet, and you include the SAF parameter on the PORT statement, creation of the DVIPA is controlled by both the SAF resource profile associated with the VIPARANGE statement and the SAF resource profile associated with the PORT statement. For more information about the SAF parameter on the PORT statement, see z/OS Communications Server: IP Configuration Reference.

For information about controlling which applications can issue a SIOCSVIPA ioctl call, a SIOCSVIPA6 ioctl call, or call the MODDVIPA utility to create a DVIPA, see Defining a security profile for SIOCSVIPA, SIOCSVIPA6, and MODDVIPA.

This information includes examples that use RACF®. If you are using another security product, see the documentation for that product for the equivalent commands. For more information about RACF, see z/OS Security Server RACF Security Administrator's Guide.