z/OS ISPF Software Configuration and Library Manager Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Setting up SCLM DSN security

z/OS ISPF Software Configuration and Library Manager Guide and Reference
SC19-3625-00

If SCLM DSN security is active, you must specify which data sets an SCLM project/alternate has access to.

This DSN security does not provide security for data sets to individual users. It only stops users from setting up a similar project using the data sets of another SCLM project in an attempt to bypass processes set up the SCLM administrator.

To secure the SCLM data sets that users have access to, you must use one or both of these:
  • Enhanced Access Control (EAC) to ensure the SCLM data sets are only accessed under SCLM.
  • RACF®, or an alternate security product, to secure the SCLM-controlled data sets.

The data sets secured by SCLM DSN security are the accounting and audit/version VSAM data sets defined to the SCLM project, as well as the SCLM-controlled hierarchy data sets.

If you are using the FLMALTC macro to specify alternate source data sets, you must specify the actual data set name allocated by SCLM when securing the SCLM-controlled hierarchy data sets.

To secure the data sets, you must create a XFACILIT resource class with a UACC of READ. The profile name should be in the format: 
SCLM.DSN.project.alternate.dsn
where:
project
The SCLM project name.
alternate
The SCLM alternate project name.
dsn
The data set you want to secure.
Note: You can set up generic resources by specifying an asterisk (*) for either the project, alternate, or process in the profile name.
These are examples of specifying generic resources:
SCLM.DSN.SCLM01.ALT01.SCLM01.DEV.**
Selects all SCLM01.DEV data sets.
SCLM.DSN.SCLM01.ALT01.SCLM01.*.SOURCE.**
Selects all SCLM01 SOURCE data sets.
Figure 1 shows an example of setting up SCLM DSN security.
Figure 1. Example of setting up SCLM DSN security
CLASS      NAME
-----      ----
XFACILIT   SCLM.DSN.PRJ0120.*.PRJ0120.** (G)

GROUP CLASS NAME
----- ----- ----
GXFACILI

LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    SCLM            NONE               READ    NO

INSTALLATION DATA
-----------------
NONE

APPLICATION DATA
----------------
NONE

SECLEVEL
----------------
NONE

SECLEVEL
--------
NO SECLEVEL

CATEGORIES
----------
NO CATEGORIES

SECLABEL
--------
NO SECLABEL

AUDITING
--------
FAILURES(READ)

NOTIFY
------
NO USER TO BE NOTIFIED

      USER      ACCESS
----      ------
AUDITOR    READ
DEVELOP    READ
Parent topic: SCLM internal security

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014