ARSUPERM and application level permission

[lfbeach]

Our existiing RACF permissions are set up with FOLDER  and REPORT (aka application) access for our users.   This has been that way since the old OD390/SOND days.  ARSUPERM provides the option for FOLDER,  APPLICATION GROUP,  and DOCUMENT level permissions.    Because there is not REPORT/APPLICATION permissions option in ARSUPERM we use DOCUMENT level permissions.    This accomplishes what we need,  but is a huge hog of time and resources.
We need to be able to do ONE READ to the RACF Database per report id/application.   Right now we are doing this read for EVERY DOCUMENT within that report id.   

SQL Permissions has been presented as an option,  but we do not want to duplicate all our RACF Permissions in CMOD Application Groups.  Is that our only option?     

Appreciate ANY HELP OR INPUT!

[ewirtz]

Hi Lori,
during login we read the RACF classes in ARSUSECC and put the result in a db2 table. It's tricky because the assembler macro is not thread safe.

In arsuperm we check against the db2 table.

regards

egon

[lfbeach]

I do appreciate the response!   We may try to do ours in the SQL Permissions.   We are still debating best approach for our business.  Thanks, Lori