Hi, I was hit with a question that I don't know the answer to. Previously (until today) I had thought, but never tried, that you could have a shared RACF database between two LPARs and that you could protect datasets differently based on the DATASET class rule such that if you had a dataset "TESTCASE.MY.DATASET" specified as UAC of NONE, the you could set up two dataset permits as follows:
PERMIT 'TESTCASE.**' ACCESS(READ) ID(userid) WHEN(SYSID(SYSP)) and PERMIT 'TESTCASE.**' ACCESS(ALTER) ID(userid) WHEN(SYSID(SYST)) And that it would make it so that if the user were to log onto the test LPAR (SYST), they could update the TESTCASE.MY.DATASET all they wanted, but if they logged onto the production LPAR (SYSP) that they were limited to only READ access. Well, apparently the SYSID subparameter of WHEN is not valid for DATASET rules. So how do people protect the same dataset differently on various LPAR's, or is it just not possible? Any help or pointers would be appreciated. What I would like is just a simple way to make it so that people in the production LPAR can see and look at the TEST datasets, but if they actually want to change them, they have to actually log onto that LPAR to do it. I know that seems like a silly way to operate, but in this case there is actually a good reason for it. I just can't think of how to do it without the WHEN(SYSID) parm. Does anyone have any ideas? Thanks, Brian ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
