IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  RACF Restricted User Access to Programs under USS

    Posted 11 days ago

    Hi Friends,

    I have a RACF user defined with the RESTRICTED attribute. As expected, this means every dataset or program access must be explicitly defined in RACF - masking can't be used, except for the dataset WARNING feature.

    For program access, I've defined the necessary PROGRAM resource rules in the PROGRAM class.

    Here's the scenario:

    • The user logs on through OMVS/USS, not TSO.

    • When the user attempts to run a Java compile (for example, javac), RACF issues an access violation message indicating a specific program that requires authorization.

    • I identified the program and the library it resides in, created the appropriate PROGRAM resource rule, and issued the proper SETROPTS REFRESH for the PROGRAM class.

    However, the access issue persists.
    Is there anything else that needs to be done for OMVS or the USS environment to recognize the new PROGRAM resource rule?
    Would cycling OMVS or any related subsystem (e.g., BPXAS, RACF, or any OMVS task) be necessary for the rule to take effect?

    Thanks and first time posting here. Looks like a great community.

    Ryan



    ------------------------------
    Ryan Henrichon
    ------------------------------


  • 2.  RE: RACF Restricted User Access to Programs under USS

    Posted 5 days ago

    Hi! Did you really perform the correct REFRESH for the PROGRAM class?
    It is: SETR WHEN(PROGRAM) REFRESH



    ------------------------------
    Rogerio Eugenio Malaquias Camargo
    Associate Director - Mainframe RACF Security Engineer
    KYNDRYL
    Campinas
    +55 19 991003439
    ------------------------------