Best Practices:PERMIT To PROFILE Or Directly To ACID In Top Secret
Article ID: 100664
Top SecretTop Secret - LDAP
What is the best way to authorize a user to DSN(CFZSRV)?
Release: Component: TSSMVS
This can be achieved by one of the following:
1. PERMIT the dataset to the user's acid. 2. Add a PROFILE ACID to the user that has been PERMITted to DSN(CFZSRV). 3. Give the user the NODSNCHK and NOVOLCHK bypass attributes which is total overkill since it gives the user access to every dataset and volume. This is not a best practice. Auditors frown up on this.
The best practices would be to permit the dataset to a PROFILE and then attach the PROFILE to the user.
Permitting the dataset directly to the user's acid is also acceptable. It's just a matter of choice.