You can limit the use of XRC commands by defining resource profiles in the RACF® FACILITY class and restricting access to those profiles. To use a protected command, you need read-access authority to the applicable profile.
Table 1 lists the XRC commands and the FACILITY class profiles that can restrict them.
Command | Profile name |
---|---|
FCESTABL | STGADMIN.ANT.XRC.COMMANDS |
FCWITHDR | |
XADDPAIR | |
XADVANCE | |
XCOUPLE | |
XDELPAIR | |
XEND | |
XQUERY | |
XRECOVER | |
XSET | |
XSTART | |
XSUSPEND | |
FCQUERY | STGADMIN.ANT.XRC.XQUERY |
XQUERY | |
XSTATUS | |
Note: Authorize
FCQUERY and XQUERY command use with the STGADMIN.ANT.XRC.COMMANDS
profile or the STGADMIN.ANT.XRC.XQUERY profile. XRC first checks STGADMIN.ANT.XRC.COMMANDS
for authorization. If authorization is not permitted with the STGADMIN.ANT.XRC.COMMANDS
profile, XRC checks the STGADMIN.ANT.XRC.XQUERY profile for authorization
to issue the FCQUERY and XQUERY commands.
|
SETROPTS CLASSACT(FACILITY)
RDEFINE FACILITY STGADMIN.ANT.XRC.COMMANDS UACC(NONE)
PERMIT STGADMIN.ANT.XRC.COMMANDS CLASS(FACILITY) -
ID(STGADMIN) ACCESS(READ)
For additional information about how to activate the RACF FACILITY class and how to define and authorize users to the XRC command profiles, refer to z/OS Security Server RACF Security Administrator's Guide.