Peter,

In my prior life as a sysprog, I achieved this by writing an ICHRCX02 exit for RACF.
If you are interested, I still have the source lying around. Here is the prolog:

ICHRCX02 TITLE 'RACROUTE REQUEST=AUTH POST-PROCESSING EXIT'
*-------------------------------------------------------------------*
* THIS EXIT PROVIDES THE CONCEPT OF 'READ-ONLY' SYSTEM PACKS. THE   *
* IDEA BEING TO PREVENT ANYONE UPDATING DATASETS ON SYSTEM PACKS    *
* SUCH AS THE SYSRES AND ISV SOFTWARE PACKS - THIS INCLUDES THE     *
* SYSPROGS!                                                         *
*                                                                   *
* EMERGENCY ACCESS CAN BE OBTAINED BY GETTING 'ALTER' ACCESS TO     *
* A GENERAL RESOURCE PROFILE IN THE FACILITY CLASS. THE PROFILE     *
* SHOULD MATCH THE VOLSER EITHER DIRECTLY OR BY USING GENERICS:     *
*                                                                   *
*   $SYSVOL.*       UACC(ALTER)                                     *
*   $SYSVOL.M%IPR*  UACC(NONE)                                      *
*   $SYSVOL.M%PPP*  UACC(NONE)                                      *
*                                                                   *
* THE LOGIC OF THE EXIT IS AS FOLLOWS:                              *
*                                                                   *
* 1. IGNORE IF RACF HAS ALREADY FAILED THE REQUEST                  *
* 2. IGNORE ACCESS REQUESTS OF READ                                 *
* 3. ONLY PROCESS 'DATASET' CLASS PROFILES                          *
* 4. CHECK THE USERS ACCESS TO THE VOLSER OF THE DATASET USING      *
*    PROFILE $SYSVOL.VOLSER IN THE 'FACILITY' CLASS                 *
*    (A) IF USER HAS 'ALTER' AUTHORITY - ALLOW THE REQUEST          *
*    (B) IF PROFILE NOT FOUND - ALLOW THE REQUEST                   *
*    (C) OTHERWISE ISSUE MESSAGE AND FAIL THE REQUEST               *
*                                                                   *

Rob Scott
Lead Developer
Rocket Software
77 Fourth Avenue . Suite 100 . Waltham . MA 02451-1468 . USA
Tel: +1.781.684.2305
Email: rsc...@rs.com
Web: www.rocketsoftware.com

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of mf db
Sent: 12 March 2014 11:53
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Volume Restriction Using an EXIT

Hello Group,

Is there an exit which can help me to restrict a group of IDs from accessing another volume (which has a list of datasets)? For example: JLAB001 must be restricted from accessing any dataset sitting on JPM009.
I am at z/OS 1.8 level

Peter

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
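
The decision logic listed in the prolog above, modelled in Python as an added example; it is not the exit's source and not code from the thread. The function names, the user IDs, the permit entry and the volsers are constructed, and generic matching is simplified ('%' is one character, '*' is zero or more, and the profile with the longest literal prefix wins).

```python
import re

# Constructed FACILITY profiles (name -> UACC), taken from the prolog's example.
PROFILES = {"$SYSVOL.*": "ALTER", "$SYSVOL.M%IPR*": "NONE", "$SYSVOL.M%PPP*": "NONE"}
# Constructed emergency permit: (profile, user) -> access.
PERMITS = {("$SYSVOL.M%IPR*", "SYSP01"): "ALTER"}

def _regex(profile):
    # Simplified generics: '%' = exactly one character, '*' = zero or more.
    return "".join(
        "." if c == "%" else ".*" if c == "*" else re.escape(c) for c in profile
    )

def _literal_prefix(profile):
    # Length of the text before the first generic character (specificity rank).
    return len(re.split(r"[%*]", profile, maxsplit=1)[0])

def best_profile(volser, profiles):
    """Most specific profile covering $SYSVOL.<volser>, or None."""
    name = "$SYSVOL." + volser
    hits = [p for p in profiles if re.fullmatch(_regex(p), name)]
    return max(hits, key=_literal_prefix, default=None)

def exit_decision(racf_passed, requested, res_class, volser, user,
                  profiles=PROFILES, permits=PERMITS):
    """Return 'unchanged' (exit does nothing), 'allow' or 'fail'."""
    if not racf_passed:                  # 1. RACF has already failed the request
        return "unchanged"
    if requested == "READ":              # 2. READ requests are ignored
        return "unchanged"
    if res_class != "DATASET":           # 3. only DATASET class is processed
        return "unchanged"
    profile = best_profile(volser, profiles)   # 4. $SYSVOL.volser in FACILITY
    if profile is None:                  # 4(B) no profile found: allow
        return "allow"
    # Simplified: an explicit permit overrides UACC; no groups or ID(*).
    access = permits.get((profile, user), profiles[profile])
    if access == "ALTER":                # 4(A) ALTER authority: allow
        return "allow"
    return "fail"                        # 4(C) the real exit also issues a message

if __name__ == "__main__":
    for vol, user in [("M1IPR1", "USER01"), ("M1IPR1", "SYSP01"), ("WORK01", "USER01")]:
        print(vol, user, exit_decision(True, "UPDATE", "DATASET", vol, user))
```

Step 4(B) makes the check fail open: a volume is protected only while a matching $SYSVOL profile exists, which is why the prolog's catch-all carries UACC(ALTER) and the system volumes get their own UACC(NONE) profiles.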