Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
SAF calls for authorization checking z/OS DFSMSrmm Implementation and Customization Guide SC23-6874-00 |
|
DFSMSrmm issues RACROUTE calls to determine if a user is authorized to perform a DFSMSrmm function. The calls are issued in the address space and under the task of the command or utility user. Most SAF calls in the FACILITY class are issued regardless of the state of RACF, the SAF interface, or the FACILITY class. DFSMSrmm prevents RACF users with the OPERATIONS and PRIVILEGED attributes from gaining authorization to the DFSMSrmm resources in the FACILITY class. Any user attempting to use DFSMSrmm functions must be authorized through the resource access list or through universal access. For all authorization checks, except for EDGRESET, DFSMSrmm issues the RACROUTE request with an ACEE address that identifies an ACEE that has had these attributes removed. Figure 1 shows the RACROUTE call that DFSMSrmm issues
to create an ACEE for a user that is defined to RACF. DFSMSrmm issues
this call in the address space of the command issuer or batch utility.
Figure 1. Creating an ACEE for a user
defined to RACF
Figure 2 shows the RACROUTE call that DFSMSrmm issues
to create an ACEE for a user that is not defined to RACF. DFSMSrmm
issues the call using a blank USERID value. DFSMSrmm issues this call
in the address space of the command issuer or batch utility.
Figure 2. Creating an ACEE for a user
not defined to RACF
|
Copyright IBM Corporation 1990, 2014
|