Protecting a data set

RACF® can protect your data sets from other users by controlling who has authority to access them and at what authority level they can do so. You can use RACF to protect data sets by creating profiles for them. When you attempt to use a data set, RACF checks your user profile as well as the data set profile to decide whether to allow you to use it.

A data set profile contains the following information:

The data set name.
The data set owner.
The access list, which is a list of specific users and groups who can use a data set and how they can use it.
The universal access authority (UACC), which is the default level of access authority allowed for all users or groups not specified in the access list.
Auditing information. RACF can audit the use of each data set. The audit can be general or specific. For example, you can set up a resource profile for your data set to audit every attempt to use that data set. Or, you can define the profile to audit only the attempts to update the data set.

You can protect a data set by identifying specific users or groups with the access you want them to have in the access list. You can give all other RACF-defined users a certain access. Just put ID(*) in the access list with the access authority you want them to have. All other users are allowed the access you specify as the universal access authority (UACC). The access authorities you can specify are: NONE, READ, UPDATE, CONTROL, ALTER, and EXECUTE. See Creating a discrete profile to protect a data set for more information about each. To protect a data set most effectively, you should initially specify a UACC of NONE and selectively give certain users specific access authority to the data set.

You can use RACF to protect your data sets by doing the tasks described in this chapter.