Terry, To solve the problem of having to grant two accesses for each guest, I have defined RACF groups that have the double access and connect the Linux guests to the RACF groups. As a bonus, a RAC LU <userid> also shows the vlans the guests is authorised to... and a RAC LG VLN#nnnn shows the guest authorised to use the vlan.
RAC AG VLN#0472 ..... RAC AG VLN#0851 ..... RAC PE SYSTEM.VSE4DD11 CL(VMLAN) ID(VLN#0472 VLN#0851) ACC(UPD) RAC PE SYSTEM.VSE4DD11.0472 CL(VMLAN) ID(VLN#0472) ACC(UPD) RAC PE SYSTEM.VSE4DD11.0851 CL(VMLAN) ID(VLN#0851) ACC(UPD) I've used the '#' in the group, as it is not allowed in an user-id, but you'll normally have to escape it on the command line with a double quote! Now when a linux guest needs access to a vlan, just connect it to the right VLN#nnnn group. Ronald van der Laan