If your shop does not already do this, consider a global rule that allows the
*owner* of a data set full access control. The following 'rule' allows just
that.
CLASS NAME
----- ----
GLOBAL DATASET
MEMBER CLASS NAME
------ ----- ----
GMBR
RESOURCES IN GROUP
--------- -- -----
&RACUID.*/ALTER (G)
...
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
[email protected]
-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of
Mike Hochee
Sent: Friday, November 6, 2020 3:00 PM
To: [email protected]
Subject: (External):Re: Can a non-admin restrict others from viewing one of
their own MVS data sets?
*** EXTERNAL EMAIL - Use caution when opening links or attachments ***
You might make a case to your security admins for UACC(NONE) for data set(s)
involving your profile or add a profile for a specific data set with universal
access none, yet providing you with whatever is needed; read, update, or alter.
(this assumes you are using RACF, not sure of the TSS or ACF2 equivalents
offhand)
Another possibility is the TSO PROTECT command, which I have never used and do
not recommend, but nonetheless an option.
HTH,
Mike
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Frank Swarbrick
Sent: Friday, November 6, 2020 4:43 PM
To: [email protected]
Subject: Can a non-admin restrict others from viewing one of their own MVS data
sets?
Caution! This message was sent from outside your organization.
In the Unix world one can use chmod (change mode) on their own files to make it
so non-superusers cannot view a particular file. Is there anything similar for
MVS data sets?
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
