z/OS Security Server RACF General User's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Permitting an individual or a group to use a data set

z/OS Security Server RACF General User's Guide
SA23-2298-00

You can use a data set profile to protect the information you create and use to do your job. Besides protecting a data set with a universal access authority, you can give certain users different abilities to access it, by adding the users and the authority you want to give them to the access list in the data set profile.

Note: For a description of when a change to a user's access occurs, see When data set profile changes take effect.

To permit an individual or a group use of a data set:

  1. Find the name of the profile that protects the data set. For more information, see Finding out how a data set is protected.
  2. Decide whether to use the profile that protects the data set.
    • If the profile is a discrete profile, go to Step 3.
    • If the profile is a generic profile, it might protect more than one data set. You need to decide whether to create a new profile for the data set. For more information, see Choosing between discrete and generic profiles.
  3. Decide which access authority to specify for the user.

    The access authority can have one of the following values: NONE, READ, UPDATE, CONTROL, ALTER, or EXECUTE. For descriptions of these values, see Access authority for data sets.

  4. Allow access to the data set.
    To allow access to your data set, use the PERMIT command with the ACCESS keyword: 
    PERMIT 'profile-name' ID(userID|groupname) ACCESS(level)
    • Example 1. Permitting a user to read a data set:
      Data set SMITH.PROJ.ONE is protected by a discrete profile. To permit user JONES to read data set SMITH.PROJ.ONE, enter the following command: 
      PERMIT 'SMITH.PROJ.ONE' ID(JONES) ACCESS(READ)
    • Example 2. Permitting more than one user to read a data set:
      To permit users JONES and MOORE to read data set SMITH.PROJ.ONE, enter the following command: 
      PERMIT 'SMITH.PROJ.ONE' ID(JONES, MOORE) ACCESS(READ)
    • Example 3. Permitting more than one user or group to read a data set:
      To permit group DEPTD60 and user JONES to read user data set SMITH.PROJ.ONE, enter the following command: 
      PERMIT 'SMITH.PROJ.ONE' ID(DEPTD60, JONES) ACCESS(READ)
    • Example 4. Permitting a user to read a group data set:
      To permit user SMITH to read group data set GROUPID.PROJ.ONE, enter the following command: 
      PERMIT 'GROUPID.PROJ.ONE' ID(SMITH) ACCESS(READ)
Parent topic: Changing access to a data set

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014