Hello Sean,

SMS managed datasets must be cataloged. And if there is no ALIAS and the 
dataset is allocated, SMS WILL catalog the dataset in the MASTER CATALOG no 
matter what the security rules.

It is the subsequent delete of the bad dataset I do not understand. That should 
require access through RACF dataset profiles, or maybe through some FACILITY 
class SMS rules.

Is the SETROPTS PROTECTALL active? That may help stop this bad behaviour - 
DELETE.

On Wed, 25 Sep 2019 12:05:30 +0100, Sean Gleann <sean.gle...@gmail.com> wrote:

>
>Now I've found that if 'X1' creates file 'TEST1', it gets cataloged in the
>MCAT. In order to prevent this, I've used existing information to act as a
>model for
>permit 'MASTERV.CATALOG' generic id(X1) access(read)
>and specified that.
>
>Now, if user X1 tries to create 'X1.TEST', the result is a RACF
>authorisation failure.
>
>Again, so far, so good
>
>Taking the test a bit further though, I've now found that user X1 is
>allowed to delete file 'TEST1' from the MCat!
>
>Any help gratefully appreciated
>Sean
>


Regards
Bruce

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
