On Monday, 04/04/2011 at 01:38 EDT, "Martin, Terry R. (CMS/CTR) (CTR)" <terry.mar...@cms.hhs.gov> wrote: > Thanks. One thing since I have never set up anything for the VMLAN RACF class > from the get go I displayed what it looks like now and here is what I see. It > looks like everything is allowed. Do I still need to add a specific profile or > does this rule cover all. This is what it looks like now: > > > > rac sr class(vmlan) > * (G) > > rac rlist vmlan * all > CLASS NAME > ----- ---- > VMLAN * (G) > > LEVEL OWNER UNIVERSAL ACCESS YOUR ACCESS WARNING > ----- -------- ---------------- ----------- ------- > 00 S1V3 UPDATE UPDATE NO
This comes under the heading of "RACF is protecting the VSWITCH," so, yes, you need to add VLAN-qualified profiles. They are not used in the traditional RACF way such that a generic profile would cover it, but instead as a database of associated VLANs. So if the list comes back empty, then CP will give the guest access the to default VLAN id for the VSWITCH. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott