There's nothing special about TSO; HLQ=userid is handled the same way in batch, STC and TSO.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of R.S. [[email protected]] Sent: Thursday, November 12, 2020 5:05 AM To: [email protected] Subject: Re: Can a non-admin restrict others from viewing one of their own MVS data sets? W dniu 06.11.2020 o 22:43, Frank Swarbrick pisze: > In the Unix world one can use chmod (change mode) on their own files to make > it so non-superusers cannot view a particular file. Is there anything > similar for MVS data sets? Few points: 1. In MVS world there is no concept of file ownership like in Unix. 2. For TSO users HLQ=userID is special case, but it is rather "ALTER by default", which is hard to restrict and it has very little to do with authorities management. 2.1 Such datasets are called "his own" despite there is no ownership concept. 2.2 Note, special treatment is not for every RACF user, it is for TSO users only. So, for example ftp and many other methods are excluded (assuming the user has no TSO segment). 3. Every TSO user may or may NOT have rights to manage dataset authorities, his own (HLQ=userid) OR OTHER DATASETS. 4. Details depend on your setup. Usually "his own" datasets are in scope of the user (userid is the owner of userid.** profile) and that is enough to manage access list and UACC. 5. However admin may restrict RACF commands like AD, ALDSD nad PE and then user cannot use them to manage rights. There are other methods also. HTH -- Radoslaw Skorupka Lodz, Poland ====================================================================== Jeśli nie jesteś adresatem tej wiadomości: - powiadom nas o tym w mailu zwrotnym (dziękujemy!), - usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś na dysku). Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza) tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać karze. mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa,http://secure-web.cisco.com/1-0IRK32nm4q6txl1FSw7M3xM6GH7-EC9OQiAzAhOio3Yq5wCTu_S5ZGUBO6sdbacXaIKq8x45SOlPBJzlIv02jStB7o3aU0CJmDPSd6rjgBUTkhmphZ2_CodtoS_1xVRnWceMtrUQJ3fbuP9KDNhvEd6Q8HTNtpxC6xGei6HIKJ8kCevAjFGa_kZOefcFDsmvG6ChCk-vQnW2Qtd_pXovyokq6pfPnVQ6321NxsbFbVN3dCcnbHkSliZAUtlD2R9kQJRmV_ZedARpm8VxHlAyjMYlR7hMK-IF4YU8iKnsa7_XohSAbu1X9PY0920wELJZ_OtplOA4gsFiPzpBM09JfvdFl32TRMUt2SFtDeKIahadioCWt2ZSiSz6trEbmWLpiVswzafTiALk3iWvLU9OtWs2WkNG89A2OUFkkOGC5dcGix1ZX1c97ZN_M3h0iC3/http%3A%2F%2Fwww.mBank.pl, e-mail: [email protected]. Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237, NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na 01.01.2020 r. wynosi 169.401.468 złotych. If you are not the addressee of this message: - let us know by replying to this e-mail (thank you!), - delete this message permanently (including all the copies which you have printed out or saved). This message may contain legally protected information, which may be used exclusively by the addressee.Please be reminded that anyone who disseminates (copies, distributes) this message or takes any similar action, violates the law and may be penalised. mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950 Warszawa,http://secure-web.cisco.com/1-0IRK32nm4q6txl1FSw7M3xM6GH7-EC9OQiAzAhOio3Yq5wCTu_S5ZGUBO6sdbacXaIKq8x45SOlPBJzlIv02jStB7o3aU0CJmDPSd6rjgBUTkhmphZ2_CodtoS_1xVRnWceMtrUQJ3fbuP9KDNhvEd6Q8HTNtpxC6xGei6HIKJ8kCevAjFGa_kZOefcFDsmvG6ChCk-vQnW2Qtd_pXovyokq6pfPnVQ6321NxsbFbVN3dCcnbHkSliZAUtlD2R9kQJRmV_ZedARpm8VxHlAyjMYlR7hMK-IF4YU8iKnsa7_XohSAbu1X9PY0920wELJZ_OtplOA4gsFiPzpBM09JfvdFl32TRMUt2SFtDeKIahadioCWt2ZSiSz6trEbmWLpiVswzafTiALk3iWvLU9OtWs2WkNG89A2OUFkkOGC5dcGix1ZX1c97ZN_M3h0iC3/http%3A%2F%2Fwww.mBank.pl, e-mail: [email protected]. District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register, KRS 0000025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN 169.401.468 as at 1 January 2020. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
