Idea Details

Request for LPAR Specific Access Rules

Last activity 05-17-2016 06:35 AM
Kevin Wick
06-26-2014 10:02 AM

We are currently sharing our ACF2 security database across multiple LPARs on shared DASD. However, we now have a contractual obligation with another one of our vendor products to restrict access to their product on specific LPARs. I would like an LPAR name field added to dataset access rules so I can write rules that only apply to specific LPARs.


Comments

06-25-2015 12:25 PM

Will CA be able to make this change and if so when will it be available?

07-11-2014 01:07 AM

Hi, the problem is also known in our environment. Access rules or SAF rules don't allow LPAR specific definitions. We work with shared LID, INFO and RULE DBs in a JES PLEX.

07-03-2014 03:01 PM

We also have something similar to solve. We share the LOGONIDS, but have unique INFOSTG per LPAR because we have identical subsystem names on multiple LPARs, but they require different rules. We'd also like an LPAR field so we can share INFOSTG that has identical subsystem names on different LPARs. Things like USER PROFILE records that aren't shared today could then be shared, and still allow uniqueness for other items.

Ideally the LPAR field could be NULL or *ALL, representing all LPARs. I'm not sure if pattern matching would be doable, for example LPAR(PR**) meaning ALL production systems, or a list of LPARs like (SYSA,TEST,DEVX).

It might even be excellent for the LOGONIDS: you can only log on to a system listed in a LID's LPAR list.

Just my 2 cents on the subject.

06-27-2014 01:37 AM

We like this approach. We have something similar to solve. In order to restrict the usage of the COMPILER on one LPAR only, currently we use the ACF2 DATASET/PROGRAM POST VALIDATION EXIT. It would be more convenient to have a solution provided by CA.