When users are added to the STGADMIN.ARC.ABACKUP profile, they receive comprehensive command authority. When users are also authorized to the STGADMIN.ARC.ABACKUP.agname profile, they receive RESTRICTED instead of COMPREHENSIVE command authority. When users have COMPREHENSIVE command authority, they may then issue the ABACKUP command for any aggregate group, and no RACF® authorization checking is performed on the data sets being processed during aggregate backup.
When you define a RACF FACILITY class profile for the DFSMShsm ABACKUP command, the Universal Access (UACC) keyword on the RDEFINE command defaults to NONE. This means that the ABACKUP command cannot be issued until a user is authorized to that profile using the RACF PERMIT command.
RDEFINE FACILITY STGADMIN.ARC.ABACKUPPERMIT STGADMIN.ARC.ABACKUP CLASS(FACILITY) -
ID(userID) ACCESS(READ)