z/OS MVS Planning: APPC/MVS Management
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling User Access from LUs

z/OS MVS Planning: APPC/MVS Management
SA23-1388-00

You can further control a user's access to APPC/MVS LUs by controlling which LU the user's request can come from.

Use RACF® profiles in the APPCPORT class to define which user IDs may access the system from a given LU (APPC port of entry). APPCPORT profile names are of the form partner-lu-name, where partner-lu-name is the locally known name of the partner LU (1 through 8 characters). For example: 
RDEFINE APPCPORT luname UACC(NONE)

PERMIT luname CLASS(APPCPORT) ID(userid or groupid) ACCESS(READ)

If the APPCPORT class is active, APPC/MVS requires that the user have at least READ access to the APPCPORT profile in order to access the system.

Look again at Figure 1. To permit USER01 to initiate MVS TPs such as TPB by request from LU01, you could use the following definition on LU02's system: 
RDEFINE APPCPORT LU01 UACC(NONE)

PERMIT LU01 CLASS(APPCPORT) ID(USER01) ACCESS(READ)
When you are ready to start using the protection defined in the APPCPORT profiles for each LU, the security administrator should activate the APPCPORT class and activate SETROPTS RACLIST processing for the class. For example: 
SETROPTS CLASSACT(APPCPORT) RACLIST(APPCPORT)
Any time an APPCPORT profile is changed, SETROPTS RACLIST processing for the APPCPORT class must be refreshed for the change to take effect: 
SETROPTS RACLIST(APPCPORT) REFRESH
Parent topic: Conversation Security: Protecting APPC/MVS TPs

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014