> -----Original Message-----
> From: IBM Mainframe Discussion List On Behalf Of Rick Fochtman
>
> Chase, John wrote:
>
> >>-----Original Message-----
> >>From: IBM Mainframe Discussion List On Behalf Of LAMARE Didier
> >>
> >>Good afternoon,
> >>We research the rules that permit the execute of programs
> beginning by
> >>DFH* only from a list of PDS.
> >>How can we do this with RACF, TSS and ACF2?
> >>
> >>
> >
> >With RACF, I *think* you can accomplish that with the PROGRAM class,
> >but I must first warn you that the more I learn about "program
> >control", the less I understand about it.
> >
> >That said, you might try something like this:
> >
> >RDEFINE PROGRAM DFH* UACC(READ)
> >RALTER PROGRAM DFH* ADDMEM('hlq.CICS.SDFHAUTH'//NOPADCHK)
> >RALTER PROGRAM DFH* ADDMEM('hlq.CICS.SDFHLOAD'//NOPADCHK)
> ><etc. for any other relevant libraries> SETROPTS
> WHEN(PROGRAM) REFRESH
> >
> >
> ------------------<unsnip>-------------------
> You got it right, John. Then just "PERMIT" the appropriate
> users to the PROGRAM profile, do another refresh, and you're set.
You mean I guessed right the first time?? That's scary! :-)
But now that I think on it some more, this probably wouldn't accomplish
prohibiting one version of CICS from running, since each CICS region is
its own "environment" and (afaict) "controlling" one "environment" isn't
relevant to another. What this _might_ do is prevent multiple versions
of CICS from running in the same region (aka "environment").
If the "prohibited" version was CICS/ESA 3.3 or later, removing its
authorized library from the APF list would prevent it from initializing.
-jc-
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
