You can limit the use of Global Mirror commands by defining resource profiles in the RACF® FACILITY class and restricting access to those profiles. To use a protected command, you need read-access authority to the applicable profile.
Table 1 lists the Global Mirror commands and the facility class profiles that can restrict them. See the z/OS Security Server RACF Security Administrator's Guide for details on activating the RACF facility class, and defining and authorizing users to the PPRC command profiles.
Command | Profile Name |
---|---|
RQUERY | STGADMIN.ANT.PPRC.COMMANDS |
RSESSION | |
RVOLUME | |
RQUERY | STGADMIN.ANT.PPRC.CQUERY |
Note: Authorize
RQUERY command use with the STGADMIN.ANT.PPRC.COMMANDS profile or
the STGADMIN.ANT.PPRC.CQUERY profile. PPRC first checks STGADMIN.ANT.PPRC.COMMANDS
for authorization. If authorization is not permitted with the STGADMIN.ANT.PPRC.COMMANDS
profile, PPRC checks the STGADMIN.ANT.PPRC.CQUERY profile for authorization
to issue the RQUERY command.
|
SETROPTS CLASSACT(FACILITY)
RDEFINE FACILITY STGADMIN.ANT.PPRC.COMMANDS UACC(NONE)
PERMIT STGADMIN.ANT.PPRC.COMMANDS CLASS(FACILITY) -
ID(STGADMIN) ACCESS(READ)