Page 1 of 1

Giving access on a dataset for other user

PostPosted: Thu May 10, 2012 8:05 pm
by Sivapradeep
Hi,

I(TEST123) want to access a particular dataset of T12345 with READ access at beginning of my program execution and after finishing everything i want the READ access to be revoked on the dataset which i acquired READ permissions in begining.

for this i wrote two JCL for getting READ access and REVOKING access

//DATSETPR EXEC PGM=IKJEFT01,DYNAMNBR=20,REGION=512K
//SYSTSPRT DD SYSOUT=*                             
//SYSTSIN  DD  *                                   
  ADDSD 'T12345.OP.PS' UACC(NONE)                 
  PE  'T12345.OP.PS' ID(TEST123) ACCESS(NONE)     
//                                                 


for revoking the access i'm writing
//DATSETPR EXEC PGM=IKJEFT01,DYNAMNBR=20,REGION=512K
//SYSTSPRT DD SYSOUT=*                             
//SYSTSIN  DD  *                                   
  DELDSD 'T12345.OP.PS'                 
//                                                 


My whole idea is to get READ access on T12345.OP.PS and revoking that READ access at the end. Both has to be successful with MAXCC = 0.

Is the way what i wrote is correct ??

Re: Giving access on a dataset for other user

PostPosted: Thu May 10, 2012 8:16 pm
by Robert Sample
I(TEST123) want to access a particular dataset of T12345 with READ access at beginning of my program execution and after finishing everything i want the READ access to be revoked on the dataset which i acquired READ permissions in begining.
Erroneous assumptions:
1) That RACF is designed to be used this way. It's not.
2) That you can grant yourself authority to a data set profile you do not currently have access to.
3) That there are no other protections that would override what you are attempting to do.
4) That there is some valid business reason you think you want one-time access to the data set.
5) That you can perform security functions at your shop without having a clue what you're doing.

Re: Giving access on a dataset for other user

PostPosted: Thu May 10, 2012 8:26 pm
by dick scherrer
This appears to be the same question as the "surrogate" topic. . .

This one is locked. . .

d