z/OS UNIX System Services Planning
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for giving selected users or groups access to a z/OS UNIX file system

z/OS UNIX System Services Planning
GA32-0884-00

About this task

To give selected users or group access to a z/OS® UNIX file system, follow these steps.

Before you begin: You need to know which users or groups will be given access to the specified file system.

Perform the following steps to give selected users and groups access to the specified file system and then activate FSACCESS checking.

Procedure

  1. Define a profile in the FSACCESS class for each z/OS UNIX file system that you want to grant permission. To define a profile for OMVS.ZFS.WEBSRV.TOOLS, for example, issue: 
     RDEFINE FSACCESS OMVS.ZFS.WEBSRV.TOOLS UACC(NONE)
    In general, generic profile names for file systems are allowed for resources in the FSACCESS class.
    Tip: To control a set of file systems with similar names, define a generic profile. For example, after ensuring that generic profiles were enabled for the class, define OMVS.ZFS.WEBSRV.** as a generic profile, issue:
    SETROPTS GENERIC(FSACCESS)                                  
RDEFINE FSACCESS OMVS.ZFS.WEBSRV.** UACC(NONE)

    _______________________________________________________________

  2. Assign UPDATE access to the selected users or groups. 
     PERMIT OMVS.ZFS.WEBSRV.TOOLS CLASS(FSACCESS) ID(USER19)     
 ACCESS(UPDATE)

    _______________________________________________________________

  3. Activate the FSACCESS class profile, if it is not currently active at your installation. By default, it is inactive and is not used for authorization checking. 
    SETROPTS CLASSACT(FSACCESS)

    _______________________________________________________________

  4. Activate SETROPTS RACLIST processing for the FSACCESS class, if it is not already active. 
    SETROPTS RACLIST(FSACCESS)
    If SETROPTS RACLIST processing is already in effect for the FSACCESS class, you must refresh SETROPTS RACLIST processing in order for new or changed profiles in the FSACCESS class to take effect. 
    SETROPTS RACLIST(FSACCESS) REFRESH

    _______________________________________________________________

Results

When you are done, you have restricted access to the specified z/OS UNIX file system to users and groups who have been explicitly permitted to covering resource profiles.

Parent topic: Restricting access to z/OS UNIX file systems

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014