RACF® performs authorization
checking for RACF-protected DASD data sets that are accessed by the
following system utilities when the utilities
issue the OPEN macro instruction:
- ADRDSSU
- ICKDSF
- IEBCOMPR
- IEBCOPY
- IEBDG
- IEBEDIT
- IEBGENER
- IEBISAM
- IEBPTPCH
- IEBUPDTE
- IEHLIST
- IEHMOVE
To use these utilities on RACF-protected data sets, you must be
defined to RACF and must be
permitted access to any RACF-protected data sets that the utilities
access (unless the UACC for the resource is sufficient to allow access).
Note: - You can use standard or nonstandard naming conventions when you
define DASD data set profiles to RACF. By
default (the standard naming convention), RACF expects the high-level qualifier of the
name of a data set profile to be either a RACF-defined user ID or
group name.
RACF also allows you to use options
to modify existing data set names to make them conform to RACF standard naming conventions.
For example, the single-level name prefixing facility of RACF adds a qualifier to make the data set name
acceptable to RACF routines.
If you are not familiar with the options for nonstandard naming conventions,
see z/OS Security Server RACF Security Administrator's Guide for
more information.
You also have the ability to create a naming
convention table (ICHNCV00), which RACF uses
to check the data set name in all commands and SVCs that process data-set
names. Creating this table will help you set up and enforce data-set
naming conventions that are different from the standard RACF naming convention. For more information,
see Data set naming convention table and the description of the
ICHNCONV macro in z/OS Security Server RACF Macros and Interfaces.
- See RACF database utilities for a description of the RACF utilities that can be used
on the RACF database.
The following topics describe special rules you must consider when
using utilities on RACF-protected data sets.