You can give certain users or groups of users different access
authorities to use a general resource. You add their user IDs and
the authority you want to give them to the access list on the resource
profile. For example, if you would like J.E. Jones, whose user ID
is JONES, to use your RACF-protected terminal, you would add his user
ID to its access list.
To permit an individual or a group to use a general resource:
- Find the name of the profile that protects the general resource.
To do this, see Searching for general resource profile names.
- Decide which access authority to specify in the profile. The access authority can have one of the following values: NONE,
READ, UPDATE, CONTROL, and ALTER. For descriptions of these values,
see Access authority for general resources.
- Allow access to the general resource. To allow access to your
general resource, use the PERMIT command with the ACCESS operand.
Type:
PERMIT profile-name CLASS(classname) ID(userid|groupname)
ACCESS(access-authority)
You
can specify * on the ID operand to allow all non-RESTRICTED RACF®-defined users to have the
access that you specify on the ACCESS operand.
- Example 1:
To permit user Jones to have access to a terminal
protected by general resource profile IDTERMS, type:
PERMIT IDTERMS CLASS(TERMINAL) ID(JONES) ACCESS(READ)
- Example 2:
To permit groups DEPTD60 and DEPTD58 to have access
to a terminal protected by general resource profile IDTERMS, type:
PERMIT IDTERMS CLASS(TERMINAL) ID(DEPTD60, DEPTD58) ACCESS(READ)
- Example 3:
To permit all RACF-defined
users to have access to a terminal protected by general resource profile
IDTERMS, type:
PERMIT IDTERMS CLASS(TERMINAL) ID(*) ACCESS(READ)
These examples show only some of the operands that are available
to use on the PERMIT command. The complete syntax of the PERMIT command,
with descriptions of all the command operands, is described in z/OS Security Server RACF Command Language Reference.