Program control, but pay close attention to the restrictions.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Steff Gladstone <[email protected]> Sent: Thursday, February 7, 2019 6:37 AM To: [email protected] Subject: RACF: Limiting update-authorization of a file to a particular application Greetings, We have an TSO application for end-users that allows them to update certain VSAM and PDS files. In order for them to update these files we of course have to give their users update-authorization under RACF for those files. We want to limit their ability to update the files only via the particular TSO application (or via a particular I/O routine used by the application) and not via any other application program or IBM utility (e.g., IEBCOPY, ISPF on-line edit or utilities, etc.). How can we define the RACF authorizations in such a way as to limit the end-users' update capabilities to the application (or to a particular I/O routine) alone? Would the same (or similar) definitions work for a site using Top Secret instead of RACF? Thank you in advance, Steff Gladstone ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
