Users accessing check output from the message buffer, must have
authorization to the QUERY and MESSAGES service resources using RACF® profiles. The way you define RACF profiles depends on:
- The way users specify the check name and check owner in the HZSPRINT
EXEC PARM= statement.
- The level of access you wish to give to the user.
Specifying check name and owner in the HZSPRINT EXEC PARM=
statement: Depending on what access level they have and what check
output they want, users can specify the exact check name and check
owner in the EXEC statement to get output from one check or they can
use wildcard characters to get output for multiple checks.
The syntax for the HZSPRINT EXEC statement for printing check output
from the message buffer is as follows:
// EXEC PGM=HZSPRNT,PARM='CHECK(check_owner,check_name)'
See What is a check? for how to find
the check owner and check name for checks.
The following HZSPRINT EXEC statement examples show different ways
users can specify the check name and the check owner to get different
output:
- To get check output for all active checks, use the following EXEC
statement:
// EXEC PGM=HZSPRNT,PARM='CHECK(*,*)'
- To get check output for all the checks owned by IBMGRS, use the
following EXEC statement:
// EXEC PGM=HZSPRNT,PARM='CHECK(IBMGRS,*)'
- To get check output for just one check, IBMGRS check GRS_Mode,
use the following EXEC statement:
// EXEC PGM=HZSPRNT,PARM='CHECK(IBMGRS,GRS_Mode)'
- To get check output for all the checks named TRY_ME by any check
owner, use the following EXEC statement:
// EXEC PGM=HZSPRNT,PARM='CHECK(*,TRY_ME)'
See
Working with check output for complete information about
using HZPRINT.
Determining the access level required for check name and owner
specification on the HZSPRINT EXEC statement: The table below
shows the access required for different user specifications of the
check name and owner in the HZSPRINT EXEC PARM= statement, including
the resource name or names that must be defined in the XFACILIT class
for that particular specification. You must also RACLIST the XFACILIT
class in order for HZSPRINT to work, as shown in the examples below
the table.
Where we show two possible resource names you can define for a
service resource, the system accepts a match on either.
Table 1. Access required for printing check output from the
message buffer using HZSPRINTCheck specification |
Access required for service resource |
Resource names |
---|
CHECK(*,checkname)
CHECK(*,*)
|
QUERY: Read access to all checks |
|
MESSAGES: Read access to individual check |
- HZS.sysname.check_owner.MESSAGES
- HZS.sysname.check_owner.check_name.MESSAGES
|
CHECK(checkowner,*)
|
QUERY: Read access to all checks for a specific
owner |
- HZS.sysname.check_owner.QUERY
|
MESSAGES: Read access to individual check |
- HZS.sysname.check_owner.MESSAGES
- HZS.sysname.check_owner.check_name.MESSAGES
|
CHECK(checkowner,
checkname)
|
QUERY: Read access to individual check |
- HZS.sysname.check_owner.QUERY
- HZS.sysname.check_owner.check_name.QUERY
|
MESSAGES: Read access to individual check |
- HZS.sysname.check_owner.MESSAGES
- HZS.sysname.check_owner.check_name.MESSAGES
|
Defining RACF profiles
for QUERY and MESSAGE service resources: For each resource name
identified in the first table, issue:
RDEFINE XFACILIT resourcename UACC(NONE)
PERMIT resourcename CLASS(XFACILIT) ID(hcprintid) ACCESS(READ)
Then,
issue the following for the XFACILIT class:
SETROPTS CLASSACT(XFACILIT)
SETROPTS RACLIST(XFACILIT)
If you already RACLISTed the
XFACILIT or FACILITY class, the very last statement in the example
above would have to be:
SETROPTS RACLIST(XFACILIT) REFRESH
Profile definition examples:
The following table shows examples of defining access profiles
for the QUERY and MESSAGES service resources in the XFACILIT class
to allow a user ID to access check output in HZSPRINT.
In these examples,
hcprintid is the user ID
of either a user or group you're giving access to.
- Access to output from all checks:
RDEFINE XFACILIT HZS.sysname.QUERY UACC(NONE)
PERMIT HZS.sysname.QUERY CLASS(XFACILIT) ID(hcprintid) ACCESS(READ)
RDEFINE XFACILIT HZS.sysname.check_owner.MESSAGES UACC(NONE)
PERMIT HZS.sysname.check_owner.MESSAGES CLASS(XFACILIT) ID(hcprintid) ACCESS(READ)
SETROPTS CLASSACT(XFACILIT)
SETROPTS RACLIST(XFACILIT)
- Access to output from a specified check owner:
RDEFINE XFACILIT HZS.sysname.check_owner.QUERY UACC(NONE)
PERMIT HZS.sysname.check_owner.QUERY CLASS(XFACILIT) ID(hcprintid) ACCESS(READ)
RDEFINE XFACILIT HZS.sysname.check_owner.check_name.MESSAGES UACC(NONE)
PERMIT HZS.sysname.check_owner.check_name.MESSAGES CLASS(XFACILIT) ID(hcprintid) ACCESS(READ)
SETROPTS CLASSACT(XFACILIT)
SETROPTS RACLIST(XFACILIT)
- Access to output from a particular check:
RDEFINE XFACILIT HZS.sysname.check_owner.check_name.QUERY UACC(NONE)
PERMIT HZS.sysname.check_owner.check_name.QUERY CLASS(XFACILIT) ID(hcprintid) ACCESS(READ)
RDEFINE XFACILIT HZS.sysname.check_owner.check_name.MESSAGES UACC(NONE)
PERMIT HZS.sysname.check_owner.check_name.MESSAGES CLASS(XFACILIT) ID(hcprintid) ACCESS(READ)
SETROPTS CLASSACT(XFACILIT)
SETROPTS RACLIST(XFACILIT)
For more information, see: