z/OS ISPF Software Configuration and Library Manager Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Setting up SCLM service security

z/OS ISPF Software Configuration and Library Manager Guide and Reference
SC19-3625-00

If SCLM process security is active, you must specify what processes within SCLM a user has access to.

The easiest way to do this is to:

  1. Group the users by the access they require within SCLM. For example: developer, project manager, SCLM administrator, and so on.
  2. Set up RACF® security groups with those groups or roles.
  3. Provide the users with access to the appropriate RACF group.
  4. Provide access for each of the SCLM functions to the appropriate security group (roles) you set up previously. To see how this is done, refer to the documentation below.

By setting up security groups in this way, it means that when adding a new user you simply have to give the new user access to the appropriate security group; for example, developer.

Table 1 shows the processes which you are able to secure.

Table 1. SCLM processes that can be secured
Process SCLM functionality secured
ACCTINFO ACCTINFO service and the A line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
AUTHCODE AUTHCODE service and the U line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
BUILD BUILD service, Build (option 4) and the C line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
DBACCT DBACCT service.
DELETE DELETE service and the D line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
DELGROUP DELGROUP service and DELGROUP utility (option 3.9).
DSALLOC DSALLOC service.
EDIT EDIT service, Edit (option 2) and the E line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
ENDEC ENDEC service (Encode/Decode).
EXPORT EXPORT service and Export utility (option 3.6).
IMPORT IMPORT service and Import utility (option 3.6).
LOCK LOCK service.
MIGRATE MIGRATE service and Migrate utility (Option 3.3).
NOPROM NOPROM service and the N line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
PROMOTE PROMOTE service, Promote Utility (option 4) and the P line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
SAVE SAVE service.
SEARCH Search Utility (option 3.13).
STORE STORE service.
TRANSFER The T line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
UNLOCK UNLOCK service.
VERDEL VERDEL service and D line command in Audit and Version Utility (option 3.8).
VERHIST VERHIST service and H line command in Audit and Version Utility (option 3.8).
VERINFO VERINFO service and V line command in Audit and Version Utility (option 3.8).
VERRECOV VERRECOV service and R line command in Audit and Version Utility (option 3.8).
VIEW View utility (option 1) and the V or B line command in Library Utility (option 3.1) and Unit of Work (option 3.11).
To secure the online dialogs and services, you must create an XFACILIT resource class with a UACC of NONE. The profile name must be in the format: 
SCLM.SVC.project.alternate.process
where:
project
The SCLM project name.
alternate
The SCLM alternate project name.
process
The SCLM process you want to secure.
Once the XFACILIT resource class has been created, you must provide the access to the XFACILIT resource to the appropriate users or group.
Note: You can set up generic resources by specifying an asterisk (*) for either the project, alternate, or process in the profile name.
Parent topic: SCLM internal security

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014