z/OS DFSMSdfp Storage Administration


Command and keyword related profiles

SC23-6860-01

The RACF® FACILITY resource class can control the ability to:
  • Activate a configuration
  • Perform certain catalog functions on data sets using access method services
  • Perform certain DFSMSdss functions on data sets

If defined, these profiles are checked before a user is allowed to perform the protected function. The user must have READ access. If these profiles are not defined, other RACF or password checks are still made to verify authority. Also, the user program must be Authorized Program Facility (APF)-authorized.

Exception: Password checking is bypassed if the function is performed on a system-managed data set.

Some FACILITY profiles are not checked if the caller is using the system key or is running in supervisor state. These profiles are:
  • STGADMIN.IGG.DEFNVSAM.NOBCS
  • STGADMIN.IGG.DEFNVSAM.NONVR
  • STGADMIN.IGG.DELETE.NOSCRTCH
  • STGADMIN.IGG.DELGDG.FORCE
  • STGADMIN.IGG.DELNVR.NOBCSCHK
  • STGADMIN.IGG.DIRCAT

In addition to the individual profiles, we recommend that the STGADMIN.* profile be defined with UACC NONE. Some STGADMIN profiles allow you to perform a specific function or use a specific keyword, but some functions or keywords can be used unless there is a STGADMIN profile preventing the usage of that keyword. By defining an STGADMIN.* profile with UACC NONE, these sensitive keywords can be protected and system exposures eliminated.

You need to define the following RACF profiles:
STGADMIN.DMO.CONFIG
This profile is used by the BUILDIX command for Rapid Index Rebuild.
STGADMIN.DPDSRN.olddsname
Controls the ability to rename a non-SMS-managed data set whose name is in use in another address space. You can regard them as having duplicate data set names.

olddsname is up to 23 characters of the existing data set name. You can use a generic class name such as STGADMIN.DPDSRN.SYS2.*.

Recommendation: Do not give anyone authority to STGADMIN.DPDSRN.* because it is too broad. This option should be used with extreme caution. Very few people should have RACF authority to STGADMIN.DPDSRN.olddsname. Use this option only if you know the data set is not open on any system. For details of how to use this, see z/OS DFSMSdfp Advanced Services.
STGADMIN.IDC.BINDDATA
Controls the ability to use the access method services BINDDATA command.
STGADMIN.IDC.DCOLLECT
Controls the ability to use the access method services DCOLLECT command.
STGADMIN.IDC.DIAGNOSE.CATALOG
Controls the ability to run the access method services DIAGNOSE command against catalogs.
STGADMIN.IDC.DIAGNOSE.VVDS
Controls the ability to run the access method services DIAGNOSE command against a VVDS when a comparison against the BCS is performed. In this case, the BCS is protected.
STGADMIN.IDC.EXAMINE.DATASET
Controls the ability to run the access method services EXAMINE command against integrated catalog facility catalog data sets.
STGADMIN.IDC.LISTDATA
Controls the ability to use the access method services LISTDATA command.
STGADMIN.IDC.LISTDATA.ACCESSCODE
Controls the ability to use the access method services LISTDATA ACCESSCODE command. ACCESSCODE is a specialized LISTDATA command that requires an extra level of protection. Both levels (LISTDATA and LISTDATA.ACCESSCODE) are required.
STGADMIN.IDC.SETCACHE
Controls the ability to use the access method services SETCACHE command. This RACF profile does not include the following four profiles. A user must have SETCACHE access in order to have authorization for a specific SETCACHE command.
STGADMIN.IDC.SETCACHE.DISCARDPINNED
Controls the ability to use the access method services SETCACHE DISCARDPINNED command.
STGADMIN.IDC.SETCACHE.PENDINGOFF
Controls the ability to use the access method services SETCACHE PENDINGOFF command.
STGADMIN.IDC.SETCACHE.REINITIALIZE
Controls the ability to use the access method services SETCACHE REINITIALIZE command.
STGADMIN.IDC.SETCACHE.SUBSYSTEM
Controls the ability to use the access method services SETCACHE SUBSYSTEM command.
STGADMIN.IFG.READVTOC.volser
Controls the ability to obtain READ access to the VTOC or VTOC index.
STGADMIN.IGD.ACTIVATE.CONFIGURATION
Controls the ability to activate an SMS configuration.
STGADMIN.IGG.ALTER.SMS
Controls the ability to alter the storage class and management class of a data set. If this profile is not created, the user must have RACF authority to the storage class and the management class to alter it. To use this profile, the administrator must have ALTER access to the data set whose storage or management class is to be changed.
STGADMIN.IGG.ALTER.UNCONVRT
Controls the ability to alter a system-managed VSAM data set to an unmanaged VSAM data set.
STGADMIN.IGG.DEFDEL.UALIAS
Controls the ability to define or delete an alias related to a user catalog without any other security authority. You can still define or delete an alias if you have alter authority to the catalog, even if you do not have read authority to this FACILITY class.
STGADMIN.IGG.DEFNVSAM.NOBCS
Controls the ability to define or alter an NVR for a data set without affecting the BCS entry if one exists. This profile is only checked by authorized services using the LOCATE macro, not by utilities like IDCAMS.
STGADMIN.IGG.DEFNVSAM.NONVR
Controls the ability to define or alter a BCS entry for a data set without affecting the VVDS entry if one exists. This profile is only checked by authorized services using the LOCATE macro, not by utilities like IDCAMS.
STGADMIN.IGG.DELETE.NOSCRTCH
Controls the ability to delete the BCS entry for a system-managed data set without deleting the data set itself (for example, using DELETE NOSCRATCH). This controls functions which uncatalog data sets.
STGADMIN.IGG.DELETE.RENAME
Controls the ability to delete data set entries flagged as "rename in process". Attempts without the facility class for data sets flagged in this manner receive message IDC3009I with a return code of 90 and a reason code of 54. The "rename in progress" flag is ignored for users having RACF READ authority to the facility class and issuing a DELETE, and the entry is deleted. This facility class is intended for maintenance purposes.
STGADMIN.IGG.DELGDG.FORCE
Controls the ability to use DELETE FORCE on a generation data group which contains a system-managed generation data set.
STGADMIN.IGG.DELNVR.NOBCSCHK
Controls the ability to delete the VVDS entry (the NVR) for a system-managed non-VSAM data set without checking the BCS entry and catalog name for the data set. If there is a BCS entry or if the catalog name contained in the NVR does not match the catalog provided in the request, the function is denied unless the user has authority to this profile.
STGADMIN.IGG.DIRCAT
Controls the ability to direct a catalog request to a specific catalog, bypassing the normal catalog search. A directed catalog request is one in which the catalog name is explicitly passed to the catalog in the CATALOG parameter of access method services commands.

In an SMS environment, all the catalog requests against system-managed data sets should be satisfied by the normal catalog search order. Directing the catalog request to a specific catalog requires authority to this profile with the exception of LISTCAT and EXPORT DISCONNECT requests.

STGADMIN.IGG.DLVVRNVR.NOCAT
Controls the ability to delete a VVR or NVR without an associated catalog. Users having RACF READ authority to the FACILITY class need no other RACF authority to the master catalog to perform the DELETE VVR or DELETE NVR functions.
Attention: Restrict access to this FACILITY class to users who understand the risk involved in deleting a VVR or NVR entry from a VVDS.

When a catalog is deleted for recovery purposes, or under certain failure conditions, an uncataloged VSAM data set or SMS nonVSAM data set can be left on the volume. The user can issue the DELETE VVR or DELETE NVR command to clean up the volume. In order to do this, the user needs RACF ALTER authority to the master catalog, and the user catalog must exist so that the catalog can be searched to verify that a BCS entry does not exist for the VVR or NVR. This is the usual situation when RACF ALTER authority to the catalog is needed. If the user catalog does not exist, the user must define an empty user catalog so that it can be searched.

The STGADMIN.IGG.DLVVRNVR.NOCAT FACILITY class allows the use of DELETE VVR or DELETE NVR without an associated user catalog. It does not require RACF authority to the master catalog for these commands.

STGADMIN.IGG.LIBRARY
Controls the ability to DEFINE, DELETE, or ALTER library and volume entries in a tape library.
STGADMIN.IGWSHCDS.REPAIR
Controls the ability to use the AMS SHCDS command functions, which you can use to list outstanding SMSVSAM recovery and control that recovery.

See z/OS DFSMSdss Storage Administration for more information on DFSMSdss functions.
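
The rules stated on this page (the STGADMIN.* profile with UACC NONE, no authority granted on STGADMIN.DPDSRN.*, and the two-level requirement for LISTDATA ACCESSCODE and the SETCACHE keywords) can be checked mechanically. The following Python is an added example, not IBM code; the dict layout, the user and group IDs, and the simplified access resolution are assumptions made for illustration.

```python
# Added example: checks STGADMIN FACILITY profiles against the rules on this page.
# Simplification (assumption): only UACC and explicit access-list entries are
# modelled; no group membership, no generic resolution beyond STGADMIN.*.
LEVELS = {"NONE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}
BACKSTOP = "STGADMIN.*"
SETCACHE = "STGADMIN.IDC.SETCACHE"
# Profiles for which the page says a second profile is required as well.
REQUIRES = {"STGADMIN.IDC.LISTDATA.ACCESSCODE": "STGADMIN.IDC.LISTDATA"}
for kw in ("DISCARDPINNED", "PENDINGOFF", "REINITIALIZE", "SUBSYSTEM"):
    REQUIRES[f"{SETCACHE}.{kw}"] = SETCACHE

def can_read(profile, user):
    """An explicit access-list entry overrides UACC; READ or higher passes."""
    level = profile.get("permits", {}).get(user, profile.get("uacc", "NONE"))
    return LEVELS[level] >= LEVELS["READ"]

def audit(profiles):
    """Return (profile, finding) tuples for a {name: {uacc, permits}} dict."""
    findings = []
    if BACKSTOP not in profiles:
        findings.append((BACKSTOP, "not defined; recommended with UACC NONE"))
    for name, prof in sorted(profiles.items()):
        readers = [u for u in sorted(prof.get("permits", {})) if can_read(prof, u)]
        if LEVELS[prof.get("uacc", "NONE")] >= LEVELS["READ"]:
            findings.append((name, "UACC gives every user the READ access the check needs"))
        if name == "STGADMIN.DPDSRN.*" and readers:
            findings.append((name, "too broad; permitted: " + ",".join(readers)))
        parent = REQUIRES.get(name)
        if parent:
            cover = profiles.get(parent) or profiles.get(BACKSTOP) or {}
            for user in readers:
                if not can_read(cover, user):
                    findings.append((name, f"{user} lacks READ on {parent}"))
    return findings

# Constructed sample data, not taken from a real RACF database.
SAMPLE = {
    "STGADMIN.*": {"uacc": "NONE", "permits": {}},
    "STGADMIN.IGG.DIRCAT": {"uacc": "READ", "permits": {}},
    "STGADMIN.DPDSRN.*": {"uacc": "NONE", "permits": {"STGGRP": "READ"}},
    "STGADMIN.IDC.LISTDATA": {"uacc": "NONE", "permits": {"OPER1": "READ"}},
    "STGADMIN.IDC.LISTDATA.ACCESSCODE": {"uacc": "NONE", "permits": {"OPER1": "READ", "OPER2": "READ"}},
}

if __name__ == "__main__":
    for name, text in audit(SAMPLE):
        print(f"{name}: {text}")
```

On the sample data the audit reports the permit on STGADMIN.DPDSRN.*, the ID that holds LISTDATA.ACCESSCODE without LISTDATA, and the UACC of READ on STGADMIN.IGG.DIRCAT.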





Copyright IBM Corporation 1990, 2014