Hello:

We want to protect a dataset (only one) from access by any user (including
operations users) except one (T99MIHP, not an operations user).
The job that defines and deletes the dataset is submitted by Control-M. The
Control-M user is an operations user, and we have created a SURROGAT entry
called T99MIHP.SUBMIT. We've added the Control-M user (T99CTM) to its access
list with READ access. In this way we can submit the job from Control-M with
the T99MIHP user in the job card.
But we don't want the T99CTM user to be able to access the dataset in ALTER
mode, only in READ mode. We aren't successful. When we submit the job with the
T99CTM user, the job ends OK and deletes and defines the dataset. We want the
T99MIHP user to be the one and only user that can access the dataset in ALTER
or UPDATE mode.
We've included T99CTM with NONE access in the access list of the RACF entries
(like the RACF manual says), but the T99CTM user continues to delete and create
the dataset.
We have done another test. We have removed the operations attribute from one
of our sysprog users, and this sysprog user isn't in the access list of the
dataset. The job cancels with a RACF error. That's right.
The RACF Security Administrator's Guide said that you can limit the access of
operations users with the access list option, but we aren't successful. The
T99CTM group and the T99MIHP group are different. Neither is an operations
group.
Could the problem be the T99CTM operations attribute? We couldn't remove it
(it's not recommended).

Thanks

Jorge García Juanino
z/OS Systems Technician
DGTP Technical Systems Department
MAPFRE
Gobelas 47 - 49 2ª C y D
28023 Madrid
Tel: 91 581 27 34 / 618 33 35 59
Fax: 91 581 24 01
[email protected]

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
