The RACF® FACILITY resource
class can control the ability to:
- Activate a configuration
- Perform certain catalog functions on data sets using access method
services
- Perform certain DFSMSdss functions on data sets
If defined, these profiles are checked before a user is allowed
to perform the protected function. The user must have READ access.
If these profiles are not defined, other RACF or password checking is still made to verify
authority. Also, the user program must be Authorized Program Facility
(APF)-authorized.
Exception: Password checking is bypassed
if the function is performed on a system-managed data set.
Some FACILITY profiles are not checked if the caller is using the
system key or is running in supervisor state. These profiles are:
- STGADMIN.IGG.DEFNVSAM.NOBCS
- STGADMIN.IGG.DEFNVSAM.NONVR
- STGADMIN.IGG.DELETE.NOSCRTCH
- STGADMIN.IGG.DELGDG.FORCE
- STGADMIN.IGG.DELNVR.NOBCSCHK
- STGADMIN.IGG.DIRCAT
In addition to the individual profiles, we recommend that the STGADMIN.*
profile be defined with UACC NONE. Some STGADMIN profiles allow you
to perform a specific function or use a specific keyword, but some
functions or keywords can be used unless there is a STGADMIN profile
preventing the usage of that keyword. By defining an STGADMIN.* profile
with UACC NONE, these sensitive keywords can be protected and system
exposures eliminated.
You need to define the following RACF profiles:
- STGADMIN.DMO.CONFIG
- This profile is used by BUILDIX command for Rapid Index Rebuild.
- STGADMIN.DPDSRN.olddsname
- Controls the ability to rename a non-SMS-managed
data set whose name is in use in another address space. You can regard
them as having duplicate data set names.
olddsname is up to 23
characters of the existing data set name. You can use a generic class
name such as STGADMIN.DPDSRN.SYS2.*.
Recommendation: Do
not give anyone authority to STGADMIN.DPDSRN.* because it is too broad.
This option should be used with extreme caution. Very few people
should have RACF authority
to STGADMIN.DPDSRN.olddsname. Use this option only if you know the
data set is not open on any system. For details of how to use this,
see
z/OS DFSMSdfp Advanced Services.
- STGADMIN.IDC.BINDDATA
- Controls the ability to use the access method services BINDDATA
command.
- STGADMIN.IDC.DCOLLECT
- Controls the ability to use the access method services DCOLLECT
command.
- STGADMIN.IDC.DIAGNOSE.CATALOG
- Controls the ability to run the access method services DIAGNOSE
command against catalogs.
- STGADMIN.IDC.DIAGNOSE.VVDS
- Controls the ability to run the access method services DIAGNOSE
command against a VVDS when a comparison against the BCS is performed.
In this case, the BCS is protected.
- STGADMIN.IDC.EXAMINE.DATASET
- Controls the ability to run the access method services EXAMINE
command against integrated catalog facility catalog data sets.
- STGADMIN.IDC.LISTDATA
- Controls the ability to use the access method services LISTDATA
command.
- STGADMIN.IDC.LISTDATA.ACCESSCODE
- Controls the ability to use the access method services LISTDATA
ACCESSCODE command. ACCESSCODE is a specialized LISTDATA command that
requires an extra level of protection. Both levels (LISTDATA and LISTDATA.ACCESSCODE)
are required.
- STGADMIN.IDC.SETCACHE
- Controls the ability to use the access method services SETCACHE
command. This RACF profile
does not include the following four profiles. A user must have SETCACHE
access in order to have specific setcache command authorization.
- STGADMIN.IDC.SETCACHE.DISCARDPINNED
- Controls the ability to use the access method services SETCACHE
DISCARDPINNED command.
- STGADMIN.IDC.SETCACHE.PENDINGOFF
- Controls the ability to use the access method services SETCACHE
PENDINGOFF command.
- STGADMIN.IDC.SETCACHE.REINITIALIZE
- Controls the ability to use the access method services SETCACHE
REINITIALIZE command.
- STGADMIN.IDC.SETCACHE.SUBSYSTEM
- Controls the ability to use the access method services SETCACHE
SUBSYSTEM command.
- STGADMIN.IFG.READVTOC.volser
- Controls the ability to obtain READ access to the VTOC or VTOC
index.
- STGADMIN.IGD.ACTIVATE.CONFIGURATION
- Controls the ability to activate an SMS configuration.
- STGADMIN.IGG.ALTER.SMS
- Controls the ability to alter the storage class and management
class of a data set. If this profile is not created, the user must
have RACF authority to the
storage class and the management class to alter it. To use this profile,
the administrator must have ALTER access to the data set whose storage
or management class is to be changed.
- STGADMIN.IGG.ALTER.UNCONVRT
- Controls the ability to alter a system-managed VSAM data set to
an unmanaged VSAM data set.
- STGADMIN.IGG.DEFDEL.UALIAS
- Controls the ability to define or delete an alias related to a
user catalog without any other security authority. You can still define
or delete an alias if you have alter authority to the catalog, even
if you do not have read authority to this FACILITY class.
- STGADMIN.IGG.DEFNVSAM.NOBCS
- Controls the ability to define or alter a NVR for
a data set without affecting the BCS entry if one exists. This profile
is only checked by authorized services using the LOCATE macro, not
by utilities like IDCAMS.
- STGADMIN.IGG.DEFNVSAM.NONVR
- Controls the ability to define or alter a BCS entry
for a data set without affecting the VVDS entry if one exists. This
profile is only checked by authorized services using the LOCATE macro,
not by utilities like IDCAMS.
- STGADMIN.IGG.DELETE.NOSCRTCH
- Controls the ability to delete the BCS entry for a system-managed
data set without deleting the data set itself (for example, using
DELETE NOSCRATCH). This controls functions which uncatalog data sets.
- STGADMIN.IGG.DELETE.RENAME
- controls the ability to delete data set entries flagged as "rename
in process". Attempts without the facility class for data sets flagged
in this manner receive message IDC3009I with a return code of 90 and
a reason code of 54. The "rename in progress" flag is ignored for
users having RACF READ authority to the facility class and issuing
a DELETE, and the entry is deleted. This facility class is intended
for maintenance purposes.
- STGADMIN.IGG.DELGDG.FORCE
- Controls the ability to use DELETE FORCE on a generation data
group which contains a system-managed generation data set.
- STGADMIN.IGG.DELNVR.NOBCSCHK
- Controls the ability to delete the VVDS entry (the NVR) for an
system-managed non-VSAM data set without checking the BCS entry and
catalog name for the data set. If there is a BCS entry or if the catalog
name contained in the NVR does not match the catalog provided in the
request, the function is denied unless the user has authority to this
profile.
- STGADMIN.IGG.DIRCAT
- Controls the ability to direct a catalog request to a specific
catalog, bypassing the normal catalog search. A directed catalog
request is one in which the catalog name is explicitly passed to the
catalog in the CATALOG parameter of access method services commands.
In an SMS environment, all the catalog requests against system-managed
data sets should be satisfied by the normal catalog search order.
Directing the catalog request to a specific catalog requires authority
to this profile with the exception of LISTCAT and EXPORT DISCONNECT
requests.
- STGADMIN.IGG.DLVVRNVR.NOCAT
- Controls the ability to delete a VVR or NVR without an associated
catalog. Users having RACF READ
authority to the FACILITY class need no other RACF authority to the master catalog to perform
the DELETE VVR or DELETE NVR functions.
Attention: Restrict
access to this FACILITY class to users who understand the risk involved
in deleting a VVR or NVR entry from a VVDS.
When a catalog
is deleted for recovery purposes, or under certain failure conditions,
an uncataloged VSAM data set or SMS nonVSAM data set can be left on
the volume. The user can issue the DELETE VVR or DELETE NVR command
to clean up the volume. In order to do this, the user needs RACF ALTER authority to the master
catalog, and the user catalog must exist so that the catalog can be
searched to verify that a BCS entry does not exist for the VVR or
NVR. This is the usual situation when RACF ALTER
authority to the catalog is needed. If the user catalog does not exist,
the user must define an empty user catalog so that it can be searched.
The
STGADMIN.IGG.DLVVRNVR.NOCAT FACILITY class allows the use of DELETE
VVR or DELETE NVR without an associated user catalog. It does not
require RACF authority to the
master catalog for these commands.
- STGADMIN.IGG.LIBRARY
- Controls the ability to DEFINE, DELETE, or ALTER library and volume
entries in a tape library.
- STGADMIN.IGWSHCDS.REPAIR
- Controls the ability to use the AMS SHCDS command functions, which
you can use to list outstanding SMSVSAM recovery and control that
recovery.
See z/OS DFSMSdss Storage Administration for
more information on DFSMSdss functions.