ACF2 Prevent a user from accessing datasets with his user ID as the HLQ

book

Article ID: 214259

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

How to prevent prevent a user from accessing datasets with his user ID/logonid/LID as the HLQ? Security admins are asking how to manage this.

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

By default logonids have full access to datasets HLQs that match their logonid. This is controlled by the logonid PREFIX field which specifies the logonid that owns that key(HLQ) and automatically has access to that data. When creating a logonid the PREFIX defaults to the logonid. This can be changed by removing(setting it to null) the PREFIX of a logonid, for example:

ACF
CHANGE logonid PREFIX()