You need to be much more specific: Your response appears inconsistent. First you say don't let the user access datasets on a different storage group. Then you say to deny the user access to volumes in a specific group. Which is it? Can user JLAB001 access datasets only on JPM009 or can he access datasets on any volume other than JPM009?
Since you are using SMS, how do you insure that a user's datasets are placed (or not placed) on the specified volume? What does going out of control mean? If you make the user RESTRICTED, what access does the user have that you don't want? Is there a naming convention for the datasets on this volume? Is the user a member of a unique group (such as TRAINEE)? How many other groups is the user connected to? How do you plan to deal with "essential" datasets such as SYS1.HELP or the ISPF panel libraries which are not on the specified volume? What are the UACC and Global attributes of the datasets you want to hide from the user? Does it matter if the user can see the name of prohibited dataset even if he cannot access the contents? :>: -----Original Message----- :>: From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On :>: Behalf Of mf db :>: Sent: Wednesday, March 12, 2014 8:19 AM :>: To: IBM-MAIN@LISTSERV.UA.EDU :>: Subject: Re: Volume Restriction Using an EXIT :>: :>: Hello Liz, :>: :>: Its for SMS managed :>: This volumes are not shared. :>: We use RACF :>: :>: This is our education system and whole idea is to ensure that User :>: should :>: never try to access any other Dataset lying on different Storage Group. :>: We :>: tried with RESTRICTED attributes but still we see it as going out of :>: control. :>: :>: "(2) to only deny access to the specific volume to members of the :>: specific group" :>: :>: If there is way to restrict based on STORAGE group I am really willing :>: to :>: refer,learn and implement it in my Shop. :>: :>: :>: :>: :>: On Wed, Mar 12, 2014 at 5:47 PM, Lizette Koehler :>: <stars...@mindspring.com>wrote: :>: :>: > A few questions :>: > :>: > 1) Are these SMS or NON-SMS Volumes :>: > 2) Are these volumes shared by more than one LPAR? :>: > 3) What is your SAF Product? ACF2, TSS, RACF :>: > :>: > What problem are you trying to solve? :>: > :>: > Thanks :>: > :>: > Lizette :>: > :>: > :>: > > -----Original Message----- :>: > > From: IBM Mainframe Discussion List [mailto:IBM- :>: m...@listserv.ua.edu] On :>: > > Behalf Of mf db :>: > > Sent: Wednesday, March 12, 2014 4:53 AM :>: > > To: IBM-MAIN@LISTSERV.UA.EDU :>: > > Subject: Volume Restriction Using an EXIT :>: > > :>: > > Hello Group, :>: > > :>: > > Is there an exit which can help me to restrict a group of ID to :>: access :>: > another :>: > > Volume(Which has list of datasets). :>: > > :>: > > :>: > > For example : JLAB001 must be restricted to access any dataset :>: sitting on :>: > JPM009. :>: > > :>: > > :>: > > I am at Z/OS 1.8 level ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
