To protect data that already exists on your system before RACF® is installed, you must create RACF profiles. You can use either discrete or generic profiles. However, using generic profiles can reduce the administrative effort of this task, because one generic profile can protect many resources. For example:
- You can protect existing data sets by using the ADDSD command. You should consider creating at least one profile for each high-level qualifier (user ID or group name) on your system. You can specify profile names with the format:

      'high-level-qualifier.*'

  If enhanced generic naming is in effect, use:

      'high-level-qualifier.**'

  You must determine the appropriate UACC, access lists, and other information (such as security classification, if used) for each profile.

  For resources that have unique security requirements, you must create discrete profiles.
- You can also protect existing general resources (such as tape volumes or terminals) by using the RDEFINE command. If several resources in the same class have the same access requirements, you can use one profile to protect them. Not only does this save space, but it also saves administrative time.

  If the names of the resources contain some identical characters, you can usually create generic profiles whose names contain the *, **, or % character to protect the resources.

  For certain classes, such as terminals, DASD volumes, and others, you can create resource grouping profiles to protect resources whose names do not lend themselves to the use of the *, **, or % character.

  For any general resource class, you can define a "RACF variable" that can be used in the profile names in general resource classes.

  For more information about how to select the type of profile to protect a resource, see Choosing among generic profiles, resource group profiles, and RACFVARS profiles.

  You must determine the appropriate UACC, access lists, and other information (such as security classification, if used) for each profile.

  For resources that have unique security requirements, you must create discrete profiles.
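
The two bullets above, worked through as an added example (not part of the original documentation). It assumes enhanced generic naming is in effect and that the TERMINAL class is already active; the qualifier PAYROLL, the groups PAYADM and PAYUSR, the data set names, the profile name PAYTERMS, and the terminal IDs are all constructed for illustration.

```tso
/* --- Existing data sets (ADDSD) ------------------------------- */
/* Generic profile checking for data sets must be on before       */
/* generic profiles are honored.                                  */
SETROPTS GENERIC(DATASET)

/* One generic profile covers every data set under the PAYROLL    */
/* high-level qualifier. UACC(NONE) means nobody gets access      */
/* unless the access list grants it.                              */
ADDSD 'PAYROLL.**' UACC(NONE)
PERMIT 'PAYROLL.**' ID(PAYADM) ACCESS(ALTER)
PERMIT 'PAYROLL.**' ID(PAYUSR) ACCESS(READ)

/* A data set with unique requirements gets its own discrete      */
/* profile, which takes precedence over the generic one.          */
ADDSD 'PAYROLL.MASTER.SALARY' UACC(NONE)
PERMIT 'PAYROLL.MASTER.SALARY' ID(PAYADM) ACCESS(UPDATE)

/* Make the new generic data set profiles visible to address      */
/* spaces that already hold in-storage copies.                    */
SETROPTS GENERIC(DATASET) REFRESH

/* Check: which profile protects a given existing data set?       */
LISTDSD DATASET('PAYROLL.Y2024.JAN.DATA') GENERIC ALL

/* --- Existing general resources (RDEFINE) --------------------- */
/* Terminals whose IDs share a prefix: one generic profile.       */
SETROPTS GENERIC(TERMINAL)
RDEFINE TERMINAL PAY* UACC(NONE)
PERMIT PAY* CLASS(TERMINAL) ID(PAYUSR) ACCESS(READ)

/* Terminals whose IDs have nothing in common: one resource       */
/* grouping profile in GTERMINL, the grouping class for TERMINAL. */
RDEFINE GTERMINL PAYTERMS ADDMEM(L0A1 T402 X9B7) UACC(NONE)
PERMIT PAYTERMS CLASS(GTERMINL) ID(PAYUSR) ACCESS(READ)

/* If TERMINAL is RACLISTed on your system, refresh it so the     */
/* new generic and grouping profiles take effect.                 */
SETROPTS RACLIST(TERMINAL) REFRESH

/* Check: review the UACC and access list that were defined.      */
RLIST TERMINAL PAY* ALL
RLIST GTERMINL PAYTERMS ALL
```

Starting every profile at UACC(NONE) and granting access only through PERMIT keeps the default closed while you work out the access lists for each profile.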