I would create a RACF group called something like "IPAPPL" standing for "TCP/IP Application".
Then permit the IPAPPL group to the required profiles. When a new application is written and requires the standard TCP/IP access, connect the userid associated with the application to the "IPAPPL" group. Rob Scott Rocket Software, Inc 275 Grove Street Newton, MA 02466 617-614-2305 [EMAIL PROTECTED] http://www.rs.com/portfolio/mxi_g2 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Denis Gäbler Sent: 22 November 2006 08:16 To: [email protected] Subject: TCPIP Racf Protection for application? Hi, there is a COBOL application which is supposed to do TCP/IP calls nowadays. When starting the application (TCPIPAPP) it requests READ access to the following datasets: SYS1.TCPIP.HOSTS.SITEINFO SYS1.TCPPARMS The application is started with the callers Userid. RACF people don't like to grant generic READ permission to all users. Is there any other solution? Could something like that be used to only allow that specific program access to TCP/IP? PERMIT 'SYS1.TCPPARMS' CLASS(DATASET) ID(*) ACCESS(READ) WHEN(PROGRAM(TCPIPAPP)) Are there better solutions, ideas for that? Thanks, Denis. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
