Hi
We have 5 lpars in a sysplex using the same racf database. We have a requirement to protect one product dataset only in one lpar but to make it available on other 4 lpars.
Any suggestions?
Thanks in advance
Arju
How to protect a dataset only on one lpar
-
steve-myers
- Global moderator
- Posts: 2105
- Joined: Thu Jun 03, 2010 6:21 pm
- Skillset: Assembler, JCL, utilities
- Referer: zos.efglobe.com
Re: How to protect a dataset only on one lpar
You have a confused notion about "protecting" data sets.
Since you are using one RACF data base for all systems, you "protect" the data set on all systems, possibly by using UACC(READ), which allows all users the ability to read, but not update the data set, possibly by defining a data set profile using the ADDSD command:
ADDSD 'data set' GENERIC UACC(READ)
You then determine the users that need to update the data set, and you add access permissions with the PERMIT command :
PERMIT 'dataset' GENRIC ACCESS(access-level) ID(user)
In the PERMIT command a user can be an actual user, or the group of users in which the user is defined. There is no way (nor, in my opinion, is it desirable) to restrict access by LPAR.
Since you are using one RACF data base for all systems, you "protect" the data set on all systems, possibly by using UACC(READ), which allows all users the ability to read, but not update the data set, possibly by defining a data set profile using the ADDSD command:
ADDSD 'data set' GENERIC UACC(READ)
You then determine the users that need to update the data set, and you add access permissions with the PERMIT command :
PERMIT 'dataset' GENRIC ACCESS(access-level) ID(user)
In the PERMIT command a user can be an actual user, or the group of users in which the user is defined. There is no way (nor, in my opinion, is it desirable) to restrict access by LPAR.
-
willy jensen
- Posts: 474
- Joined: Thu Mar 10, 2016 5:03 pm
- Skillset: assembler rexx zOS ispf racf smf
- Referer: saw it in the experts foprum thought I could help here
Re: How to protect a dataset only on one lpar
The PERMIT command has a WHEN( SYSID( system-identifier ... ) ) parameter, perhaps that will do it?
-
Robert Sample
- Global moderator
- Posts: 3720
- Joined: Sat Dec 19, 2009 8:32 pm
- Skillset: Systems programming, SAS, COBOL, CICS, JCL, SMS, VSAM, etc.
- Referer: other forum
- Location: Dubuque, Iowa, USA
Re: How to protect a dataset only on one lpar
PERMIT WHEN(SYSID(…)) only applies to PROGRAM class resources.
As far as I know, as long as you have one RACF database for all five LPARs it is not possible to restrict dataset access by LPAR -- if the dataset is accessible in one LPAR, it has the same access in all the LPARs. If you segregate the one LPAR's RACF database so you can do the restriction, that introduces a number of other problems.
As far as I know, as long as you have one RACF database for all five LPARs it is not possible to restrict dataset access by LPAR -- if the dataset is accessible in one LPAR, it has the same access in all the LPARs. If you segregate the one LPAR's RACF database so you can do the restriction, that introduces a number of other problems.
-
- Similar Topics
- Replies
- Views
- Last post
-
-
PROTECT parm of ALLOCATE cmd of AMS (IDCAMS) failed
by futohomok » Wed Nov 27, 2024 9:53 pm » in VSAM/SMS - 7
- 2367
-
by futohomok
View the latest post
Mon Dec 02, 2024 4:33 pm
-
-
- 2
- 2713
-
by willy jensen
View the latest post
Sat Mar 04, 2023 12:41 pm
-
- 12
- 3785
-
by RalphEagle
View the latest post
Fri Jul 30, 2021 1:00 pm
-
- 3
- 2620
-
by sergeyken
View the latest post
Sat Nov 16, 2024 11:05 pm
-
-
SMTPNOTE - can a font be specified for a dataset?
by Proddish2348 » Sat Jul 01, 2023 5:31 am » in Operating Systems - 0
- 4222
-
by Proddish2348
View the latest post
Sat Jul 01, 2023 5:31 am
-