Our site is not running with Datacom external security.
We do utilize RACF. Currently the RACF administrator has a high level rule that covers all of our production datasets: P.SY.DBMUFP1.* as r/o for our programmers and end-users. This prevents this group of folks from being able to run a simple REPORT AREA=CXX. Has anything been changed in the past 3-4 versions of Datacom where DBUTLTY (maybe with a parm designated) what would enable DBUTLTY to OPEN the CXX as r/o rather than always opening it to DBUTLTY as r/w?
Maybe there is an alternate name for DBUTLTY that would enable r/o processing?
If there isn't anything new in this area, then I will proceed to open this as a DAR.

z/os CA Datacom/DB 15.0 and higher. RACF site

Customer opened a DAR since there is no parameter allowing CXX to be opened in Read Only via DBUTLTY. 


Suggestion:
Why can't you add the DBAs or necessary people to a special RACF group, and then have a data set profile like P.SY.**.CXX that allows update access to this group?