My RACF guy says "not possible". HTH,
-----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Brian Westerman Sent: Thursday, July 19, 2018 8:29 PM To: [email protected] Subject: RACF DATASET protection WHEN(SYSID) Hi, I was hit with a question that I don't know the answer to. Previously (until today) I had thought, but never tried, that you could have a shared RACF database between two LPARs and that you could protect datasets differently based on the DATASET class rule such that if you had a dataset "TESTCASE.MY.DATASET" specified as UAC of NONE, the you could set up two dataset permits as follows: PERMIT 'TESTCASE.**' ACCESS(READ) ID(userid) WHEN(SYSID(SYSP)) and PERMIT 'TESTCASE.**' ACCESS(ALTER) ID(userid) WHEN(SYSID(SYST)) And that it would make it so that if the user were to log onto the test LPAR (SYST), they could update the TESTCASE.MY.DATASET all they wanted, but if they logged onto the production LPAR (SYSP) that they were limited to only READ access. Well, apparently the SYSID subparameter of WHEN is not valid for DATASET rules. So how do people protect the same dataset differently on various LPAR's, or is it just not possible? Any help or pointers would be appreciated. What I would like is just a simple way to make it so that people in the production LPAR can see and look at the TEST datasets, but if they actually want to change them, they have to actually log onto that LPAR to do it. I know that seems like a silly way to operate, but in this case there is actually a good reason for it. I just can't think of how to do it without the WHEN(SYSID) parm. Does anyone have any ideas? Thanks, Brian ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ::DISCLAIMER:: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
