Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Restricting Access to Fields in the RACF Profile z/OS DFSMS Implementing System-Managed Storage SC23-6849-00 |
|
You can use the RACF® FIELD
resource class with SMS to control the users' ability to specify or
update the following fields in a RACF profile:
You can define default data, storage, and management class names, and an application identifier in RACF user or group profiles. SMS retrieves these defaults and supplies them as input variables to the ACS routines. You can use the application identifier to associate data sets that have different highest-level qualifiers and different resource owners. To use default SMS classes for a data set, define a resource owner or data set owner in the RACF profile for that data set. RACF uses the resource owner to determine the user or group profiles that contain the default SMS classes. Having a particular default STORCLAS or MGMTCLAS specified in the user or group profile does not imply that a given user is authorized to use the corresponding class. See Restricting Access to Classes and Groups for information on authorizing the use of individual management and storage classes. Be careful when assigning RACF defaults because it is unlikely that a given SMS class is applicable to all data sets created by a user or group. However, RACF defaults can be effectively used to supplement your ACS routine logic and handle class assignments for data sets that are difficult to identify using other ACS READ/ONLY variables. Figure 1 shows how you can use the RACF default to control the management class assigned to a data set. Figure 1. Controlling
Management Class Assignments
Figure 2 shows an example of a command sequence you can use to define the SMS-related FIELD resource class profiles. The example enables storage administrators to update the resource owner field, and enables the user to update the set of SMS default classes. Figure 2. Defining Resource
Class Profiles
|
Copyright IBM Corporation 1990, 2014
|