Place the TSO commands in a RACF-protected
library to restrict PPRC TSO commands to authorized storage administrators.
Before you begin: You need to be familiar
with the commands used in these steps.
Perform the following steps to RACF-protect PPRC commands:
- Issue the following RDEFINE command for each PPRC command, and
for each command abbreviation that you want defined to RACF®:
RDEFINE PROGRAM cmdname ADDMEM(‘SYS1.CMDLIB’)/volser/NOPADCHK) UACC(NONE)
The
following terms apply to the above example:
- cmdname
- Defines the PPRC TSO command name or an abbreviation of a command.
Issue a separate RDEFINE command for each command and any command
abbreviations you plan to use. RACF can
only perform checking on commands and abbreviations that are defined
to it.
- volser
- Defines the name of the volume that contains the SYS1.CMDLIB
data set.
- Issue the PERMIT command for all commands and authorized PPRC
TSO command users as follows:
PERMIT cmdname CLASS(PROGRAM) ID(name) ACCESS(READ)
The
following terms apply to the above example:
- cmdname
- Defines the PPRC TSO command name, or an abbreviation of a command.
- name
- Defines the user ID that will receive RACF access authority for that command name.
- Issue the SETROPTS command from a user ID that has the appropriate
authority:
SETROPTS CLASSACT(PROGRAM) WHEN(PROGRAM) REFRESH
For additional information about the peer-to-peer remote copy commands,
refer to Peer-to-Peer Remote copy command descriptions.