- How does TPX determine the order for checking access against the existing profiles ?
- How is the session list then built ?
- Is it a collected superset ?
Users are dynamic,
ACF2 resource rules in effect are:
$KEY($DEFAULT) TYPE(TPX)
UID(*) LOG
$KEY(********) TYPE(TPX)
UID(*) LOG
$KEY(BASEPROF) TYPE(TPX)
UID(*) PREVENT
$KEY(IMSPROF) TYPE(TPX)
UID(*) PREVENT
Release : 5.4
Component : z/OS
If TPX Profile Selection = PROFILE is defined in the TPX SMRT option 9, as the validation method in an ACF2 environment, for Dynamic users, then ACF2 Resource Rule validation for
Resource Class: {RTPX / Type TPX) is implemented for ALL PROFILES created in TPX.
There should be an ACF2 Resource Rule for each created profile in TPX, in the form,
$KEY(profile-name) TYPE(TPX)
UID(*) ALLOW or PREVENT
The Dynamic users Session list (Menu), is built as a collected composite of what a dynamic user is allowed access to, based on the Resource Rules for 'that' profile.
If NO ACF2 resource rule is present, a blank Menu (session list) will be displayed.
It is recommended to create a general resource rule to allow ALL Dynamic users access in order to test validity of setup.
$KEY(********) TYPE(TPX)
UID(*) ALLOW or LOG
However, consider removing this once it has been been determined which set of users are allowed to a specific Profile.
ACF2 Rules can then be implemented to enforce specific profiles to dynamic users.