how to racf protect particular options in a ISPF panel



TSO Programming, ISPF, SDF, SDSF and PDF, FTP, TCP/IP Concepts, SNA & SNA/IP etc...

how to racf protect particular options in a ISPF panel

Postby poojithas » Sun May 05, 2013 7:29 am

Hi,
In our site we have M More IBM Products panel ( panel id IBMPRODS ), in this panel we have options to select various products like HCD, ISMF etc., . I want to allow only certain users to select HCD & ISMF options.
I have full access to RACF, is there a way to do this using RACF. Can I do racf check in IBMPRODS panel definition, please help.
poojithas
 
Posts: 22
Joined: Sun May 05, 2013 7:11 am
Has thanked: 0 time
Been thanked: 0 time

Re: how to racf protect particular options in a ISPF panel

Postby steve-myers » Sun May 05, 2013 9:00 am

I don't think there is anything in ISPF for this.

SDSF does extensive RACROUTE calls for options in its SDSF PRIMARY OPTION MENU. For all I know other products do something similar, but, truly, that's the extent of my knowledge.
steve-myers
Global moderator
 
Posts: 2105
Joined: Thu Jun 03, 2010 6:21 pm
Has thanked: 4 times
Been thanked: 243 times

Re: how to racf protect particular options in a ISPF panel

Postby jaggz » Mon May 06, 2013 9:16 am

Poojithas,

Instead of RACF protecting you can create a seperate TSOPROC and remove the datasets related to hcd,ismf,racf from the DD statements.

Please let me know if you are still not CLEAR.

Jaggz
User avatar
jaggz
 
Posts: 356
Joined: Fri Jul 23, 2010 8:51 pm
Has thanked: 8 times
Been thanked: 5 times

Re: how to racf protect particular options in a ISPF panel

Postby Stefan » Mon May 06, 2013 8:06 pm

The ISPF panel language itself does not provide any means for a security check. But you might consider using embedded REXX when verifying a selected option.
Have a look at the manuals.
Your coding could look like
IF (&OPTION = 1)
   *REXX(ACCESS)
   access = 0
   acee   = c2d(storage(d2x(asxb+200),4))
   len    = c2d(storage(d2x(acee+29),1))
   gid    =     storage(d2x(acee+30),len)
   tid    =     storage(d2x(acee+64),8)
   cgrp   = c2d(storage(d2x(acee+116),4))
   if cgrp <> 0 then do
      if storage(d2x(cgrp),4) = "CGRP" then do
         numofgrp = c2d(storage(d2x(cgrp+8),2))
         grpent = cgrp+32
         do i = 1 to numofgrp
            group = storage(d2x(grpent),8)
            if group = 'RACADM' then access = 1
            grpent = grpent + 24
         end
      end
   end
   exit 4
   *ENDREXX
IF (&ACCESS = 0)
    .MSG    = MS0029
    .MSGLOC = OPTION

This assumes that you're checking the selection variable OPTION. Now the REXX checks if the TSO user is a member of RACF group RACADM. If so it sets the variable ACCESS to "1", otherwise the variable will have "0". After processing the embedded REXX you can issue an error message according to the content of the variable ACCESS.

Give it a try
There are 10 types of people in the world: Those who understand binary, and those who don't.
User avatar
Stefan
 
Posts: 27
Joined: Tue Aug 21, 2012 3:02 pm
Has thanked: 0 time
Been thanked: 2 times


Return to TSO & ISPF

 


  • Related topics
    Replies
    Views
    Last post