z/OS MVS Planning: APPC/MVS Management


Understanding Access Checking of an Inbound Allocate Request for a TP

SA23-1388-00

The values you specify in RDEFINE and PERMIT commands for APPCTP profiles affect how the system verifies user access, but they do so in combination with the values in the APPC/MVS TP profiles, the RACF® APPCTP profile, and the APPCPMxx parmlib member. To determine which values are most efficient, you need a general understanding of how the system performs security checks. When an inbound Allocate request for a TP arrives, the system:

  1. Verifies the user, through the Userid and Password parameter values on the Allocate request.
  2. Searches for the most restrictive RACF profile for which the verified user has EXECUTE or higher authority. To accomplish this, the system searches TP profiles in the following order, beginning with the level specified in the APPCPMxx parmlib member:
    1. USER level TP profiles
    2. GROUP level TP profiles
    3. SYSTEM level TP profiles

    For USER level TP profiles, the system compares the Userid parameter value on the Allocate request with the RACF user ID verified in Step 1.

    For GROUP level TP profiles, the system compares the Profile parameter value on the Allocate request with the group ID value specified in the TP profile. If both the local and partner TPs run on MVS, these values can, but do not have to, represent a RACF group. If the Allocate request does not contain a Profile parameter value, the GROUP level TP profiles cannot be used.
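
A simplified model of the search described above, added here as an illustration and not IBM code. The `TPProfile` class, the `select_profile` function, and the TP name, user IDs and group ID are constructed; keying USER and GROUP level profiles by an owner ID, and moving on to the next level when the user lacks EXECUTE, are assumptions about how the steps fit together.

```python
from dataclasses import dataclass
from typing import Optional

AUTHORITY = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]  # RACF, low to high
SEARCH_ORDER = ["USER", "GROUP", "SYSTEM"]

@dataclass(frozen=True)
class TPProfile:
    """Constructed stand-in for one APPC/MVS TP profile."""
    tp_name: str
    level: str               # "USER", "GROUP" or "SYSTEM"
    owner: Optional[str]     # user ID, group ID, or None at SYSTEM level

def select_profile(tp_name, userid, verified_user, profile_param,
                   start_level, tp_profiles, racf_access):
    """First matching TP profile, searching from start_level, for which
    verified_user holds EXECUTE or higher; None if the search fails."""
    for level in SEARCH_ORDER[SEARCH_ORDER.index(start_level):]:
        if level == "USER":
            if userid != verified_user:   # Userid must be the verified ID
                continue
            owner = verified_user
        elif level == "GROUP":
            if not profile_param:         # no Profile value: skip GROUP level
                continue
            owner = profile_param
        else:
            owner = None
        candidate = TPProfile(tp_name, level, owner)
        if candidate not in tp_profiles:
            continue
        access = racf_access.get((verified_user, candidate), "NONE")
        if AUTHORITY.index(access) >= AUTHORITY.index("EXECUTE"):
            return candidate
    return None

# Constructed sample data: one TP defined at all three levels.
USER_P = TPProfile("PAYTP", "USER", "ALICE")
GROUP_P = TPProfile("PAYTP", "GROUP", "PAYROLL")
SYSTEM_P = TPProfile("PAYTP", "SYSTEM", None)
TP_PROFILES = {USER_P, GROUP_P, SYSTEM_P}
RACF_ACCESS = {("ALICE", USER_P): "EXECUTE", ("ALICE", SYSTEM_P): "READ",
               ("BOB", GROUP_P): "READ", ("BOB", SYSTEM_P): "EXECUTE"}

if __name__ == "__main__":
    for user, prof, start in [("ALICE", None, "USER"), ("BOB", "PAYROLL", "USER"),
                              ("BOB", None, "USER"), ("ALICE", None, "SYSTEM")]:
        print(user, prof, start, "->",
              select_profile("PAYTP", user, user, prof, start, TP_PROFILES, RACF_ACCESS))
```

The third sample request shows the GROUP level case from the text: BOB holds READ on the GROUP level profile, but without a Profile value on the Allocate request the search falls through to the SYSTEM level profile.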





Copyright IBM Corporation 1990, 2014