z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling access to applications

z/OS UNIX System Services Planning
GA32-0884-00

If the APPL class for the security product is active, you can use a combination of profiles in the APPL class and the APPL operand on the RACROUTE REQUEST=VERIFY macro to determine which users are allowed to use specified applications as they enter the system. For example, if you do not want all of your users to use certain applications, you can activate the APPL class and create a profile with an access list that contains only those users who are allowed to access these applications.

When specifying a profile, you have two choices: use the OMVSAPPL application ID (APPLID) or create a customized APPLID. In some cases, OMVSAPPL is the value that is always used for the APPLID parameter.

If no customization is done, the following services specify OMVSAPPL for the APPLID value. If the APPL class is active, use of these services can be limited to those users who have access to the OMVSAPPL resource in the CLASS(APPL).
  • __login
  • pthread_security_np
  • __passwd when there is no password or password phrase change specified
  • __passwd when the calling process did not call pthread_security_np
In certain cases, if you customize the APPLID-related fields in the BPXYTHLI, you can change the value used for the APPLID parameter for these services:
  • pthread_security_np
  • __passwd
The following C functions allow the APPLID to be specified other than OMVSAPPL when invoking the service:
  • __login _applid
  • __passwd_applid
  • pthread_security__applid_np

For more information about protecting applications, see z/OS Security Server RACF Security Administrator's Guide.

Parent topic: Establishing UNIX security

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014