APPC/MVS administrators need READ access to view TP profiles and UPDATE access to create, modify, and delete TP profiles. APPC users need EXECUTE access to a TP profile to run the associated transaction program. For example, assume TPB in Figure 1 is in a system-level TP profile with a database token of TOKEN2, protected with the following command:

RDEFINE APPCTP TOKEN2.SYS1.TPB UACC(NONE)

• To give administrator ADMIN01 access to view the contents of the TP profile for TPB:

  PERMIT TOKEN2.SYS1.TPB CLASS(APPCTP) ID(ADMIN01) ACCESS(READ)

• To give administrator ADMIN02 access to change the contents of the TP profile for TPB, for example, to add some JCL:

  PERMIT TOKEN2.SYS1.TPB CLASS(APPCTP) ID(ADMIN01) ACCESS(UPDATE)

• To give user USER01 access to run TPB:

  PERMIT TOKEN2.SYS1.TPB CLASS(APPCTP) ID(USER01) ACCESS(EXECUTE)

To protect TP profiles and the inbound TPs they represent, collect the following information and, if necessary, give it to your security administrator:

• A list of all TP profiles to be protected, in the form dbtoken.level.tpname
• A list of user IDs of APPC users needing EXECUTE access to each TP profile
• A list of user IDs of APPC/MVS administrators needing READ or UPDATE access to each TP profile.

When you are ready to start using the protection defined in the APPCTP profiles, the security administrator should activate the APPCTP class and activate SETROPTS RACLIST processing for the class. For example:

SETROPTS CLASSACT(APPCTP) RACLIST(APPCTP)

Any time an APPCTP profile is changed, SETROPTS RACLIST processing for the APPCTP class must be refreshed for the change to take effect.

SETROPTS RACLIST(APPCTP) REFRESH