by steve-myers » Tue Feb 04, 2020 6:27 am
You have a confused notion about "protecting" data sets.
Since you are using one RACF data base for all systems, you "protect" the data set on all systems, possibly by using UACC(READ), which allows all users the ability to read, but not update the data set, possibly by defining a data set profile using the ADDSD command:
ADDSD 'data set' GENERIC UACC(READ)
You then determine the users that need to update the data set, and you add access permissions with the PERMIT command :
PERMIT 'dataset' GENRIC ACCESS(access-level) ID(user)
In the PERMIT command a user can be an actual user, or the group of users in which the user is defined. There is no way (nor, in my opinion, is it desirable) to restrict access by LPAR.