Take the following three program
control steps to protect modules:
- Use the RDEFINE command
or the RACF® ISPF
entry panels to identify the modules you want to protect. To define
the modules to RACF, supply
the name of the load module that you want to protect, the
name of the data set that contains the load module, and the volume
serial number of the volume that contains the data set. RACF adds each module that you
identify to the profile for the PROGRAM general resource class.
When
you define the modules, you have several options:
- If you want to define several modules at the same time, you
can
use asterisk notation. For example, DGT* represents all of the modules
beginning with the letters DGT.
- You can add an access list
with user IDs or group names and their
associated access authority to the profile.
- You can define
the UACC to give default access to all users or
to none.
- You can use the AUDIT parameter to set up or to bypass RACF logging.
_______________________________________________________________
- Use the PERMIT command to allow end users to execute an application,
line operator, or command associated with a module.
_______________________________________________________________
- To prevent unauthorized users from copying a program, renaming
it to a name that is unknown to the program control, and then executing
the renamed program, you should protect the PDS libraries containing
RACF-controlled programs with a UACC of NONE. In order for users
to execute programs in these libraries, place the libraries in the
LNKLIST concatenation. See z/OS Security Server RACF Security Administrator's Guide for
more information.