z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


DFP segment in user and group profiles

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

When SMS is installed and active on your system, every SMS-managed data set is assigned the following DFP constructs:
  • Data class, which contains attributes related to the allocation of the data set
  • Management class, which contains attributes related to the migration and backup of the data set
  • Storage class, which contains attributes related to space for the data set and the device and volume on which the data set resides.

RACF® provides the DFP segment in user and group profiles in which you can specify default values for these constructs as well as a data application identifier. During allocation of a new SMS-managed data set, RACF retrieves these default values for DFP. DFP, in turn, uses these values as input to the automatic class selection (ACS) routines that are used by SMS to assign constructs to the new data set.

The fields contained in the DFP segment of user and group profiles are as follows:
  • DATAAPPL, which specifies the identifier for the data set application
  • DATACLAS, which specifies the default data class
  • MGMTCLAS, which specifies the default management class
  • STORCLAS, which specifies the default storage class
For user and group profiles, you can specify information in the DFP segment using one of the following commands:
  • ADDUSER, when defining a new user profile
  • ALTUSER, when changing a user profile
  • ADDGROUP, when defining a new group profile
  • ALTGROUP, when changing a group profile
When defining or changing values in the DFP segment of user or group profiles, you should consider the following:
  • The values that you specify for MGMTCLAS and STORCLAS must be defined as profiles in their respective RACF general resource classes and the user or group must be granted at least READ access. Otherwise, RACF does not allow the user or group to use the specified SMS class. For more information, see Controlling the use of SMS classes.
  • RACF does not control access for DATAAPPL or DATACLAS. However, the values you specify in these fields should be defined for use on your system.
  • Your storage administrator defines the names for the DFP constructs data class, management class, and storage class. To determine what construct names have been defined on your system, you can display a list of these names by using the Interactive Storage Management Facility (ISMF). For information on how to use ISMF, see z/OS DFSMS Using the Interactive Storage Management Facility.

You can display the information in the DFP segment of a user profile by issuing the LISTUSER command with the DFP operand and, for a group profile, by issuing the LISTGRP command with the DFP operand. For more information on the RACF commands, see z/OS Security Server RACF Command Language Reference.

Note: If you want to display the information in the DFP segment of any RACF profile, you must have the SPECIAL or AUDITOR attribute or at least READ access to the segment through field-level access checking. For information on field-level access checking for the DFP segment, see Controlling access to the DFP segment.
Parent topic: DFP segment in RACF profiles

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014