The following sets of RACF® commands
illustrate several variations of restricting the ability to collect
API trace data.
- To allow any user to start or stop tracing for any conversation
on the system:
RDEFINE FACILITY ATBTRACE.*.*.* UACC(READ)
SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH
- To allow any user to start or stop tracing for only those conversations
for the TP named COMPANY.MAIL that runs on the LU named NET01.LU01:
RDEFINE FACILITY ATBTRACE.NET01.LU01.COMPANY.MAIL UACC(NONE)
PERMIT ATBTRACE.NET01.LU01.COMPANY.MAIL CLASS(FACILITY) ID(*)
ACCESS(READ)
SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH
- To allow only tracing START and STOP requests issued from user
ID JOE, for only those conversations for the TP JOE.MAIL.PGM running
on LU NET02.LU02:
RDEFINE FACILITY ATBTRACE.NET02.LU02.JOE.MAIL.PGM UACC(NONE)
PERMIT ATBTRACE.NET02.LU02.JOE.MAIL.PGM CLASS(FACILITY) ID(JOE)
ACCESS(READ)
SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH
In this case, no
other user is allowed to start or stop trace for these conversations.
- To allow only tracing START and STOP requests issued from user
ID FRED, for only those conversations for the TP FRED.MAIL.PGM running
in network NET02, on any LU in the VTAM® generic
resource group GEN02:
RDEFINE FACILITY ATBTRACE.NET02.GEN02.FRED.MAIL.PGM UACC(NONE)
PERMIT ATBTRACE.NET02.GEN02.FRED.MAIL.PGM CLASS(FACILITY) ID(FRED)
ACCESS(READ)
SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH
- To allow only tracing START and STOP requests issued from user
ID MYUSER, for all conversations for all TPs that run on LU NET99.LU99:
RDEFINE FACILITY ATBTRACE.NET99.LU99.* UACC(NONE)
PERMIT ATBTRACE.NET99.LU99.* CLASS(FACILITY) ID(MYUSER) ACCESS(READ)
SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH