Did you also enable GENCMD for VMBATCH? I also made VMBATCH GENLIST so that it is cached in memory. That requires a refresh whenever you change it. Here is my setup:
RAC SETROPTS CLASSACT(VMBATCH) RAC SETROPTS GENCMD(VMBATCH) RAC SETROPTS GENERIC(VMBATCH) RAC SETROPTS GENLIST(VMBATCH) RAC RDEFINE VMBATCH * UACC(NONE) RAC PERMIT * CL(VMBATCH) ID(IPGATE) AC(CONTROL) RAC SETROPTS GENLIST(VMBATCH) REFRESH The final point is that if a userid has a discrete profile for VMBATCH, the generic profile is ignored. So, if you have a userid TOOLS, does RAC RLIST VMBATCH TOOLS show you a profile for tools or does it show you the generic one? If it doesn't show the generic one, then you need to either delete the discrete profile (after checking that you won't loose any required permissions when you do) or give IPGATE permission: RAC PERMIT TOOLS CL(VMBATCH) ID(IPGATE) AC(CONTROL) On Wed, Mar 10, 2010 at 10:58 AM, Philip Tully <tull...@optonline.net> wrote: > Hello all, > > I have recently implemented IPGATE between 8 VM systems. The connections are > working fine but only for SFS directories/files which are available to Public. > > I have been told that a generic profile in VMBATCH has been defined with a > PERMIT of IPGATE with CONTROL > > racf setr generic(vmbatch) > racf rdef vmbatch * uacc(none) > racf permit * class(vmbatch) id(ipgate) access(control) > > > On the local system, I can access a tools. directory(which is public read), > then select a sub-directory such as vmftp (which is NOT public is not > allowed to access, but I am). > > On the remote system, I am able to access tools. no problem but when I > attempt to access the vmftp sub-directory the access is rejected. > > BTW:I am a total newbie at RACF. > > regard > Phil > -- Bruce Hayden z/VM and Linux on System z ATS IBM, Endicott, NY