Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Generic profile rules - enhanced generic naming active z/OS Security Server RACF Command Language Reference SA23-2292-00 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The enhanced generic naming option applies only to data sets and allows you to use double asterisk (**) in the DATASET class. It also changes the meaning of the single asterisk (*) at the end of a profile name. Your RACF security administrator activates enhanced generic naming by issuing the SETROPTS command with the EGN operand. SETROPTS EGN makes the rules for data set and general resource profiles consistent with each other. Additionally, generic profiles can be more precise, and the generic profile names are more similar to other IBM products. New installations should set EGN on immediately. The following rules apply if you have enhanced generic naming in effect. Specify * as follows:
Table 1 and Table 2 show examples of generic
profile names you can create when enhanced generic naming is active,
and the resources protected and not protected by those profiles.
Note: Although multiple generic profiles might
match a data set name, only the most specific actually protects the
data set. For example, AB.CD*, AB.CD.**, and
AB.**.CD all match the data set AB.CD, but AB.CD.** protects
the data set.
In general, given two profiles that match a data set, you can find the more specific one by comparing the profile name from left to right. Where they differ, a nongeneric character is more specific than a generic character. In comparing generics, a % is more specific than an *, and an * is more specific than **. Another way to determine the most specific is with the SEARCH command, as there are some rare exceptions to the general rule. SEARCH always lists the profiles in the order of the most specific to the least specific. Data set profiles created before enhanced generic naming is activated continue to provide the same RACF protection after this option is activated. If you protect resources with generic profiles while enhanced generic naming is active and then deactivate this option, your resources can no longer be protected. Table 3 and Table 4 show examples of generic profiles created with enhanced generic naming active and the protection after deactivation.
|
Copyright IBM Corporation 1990, 2014
|