z/OS Security Server RACF Callable Services
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Examples

z/OS Security Server RACF Callable Services
SA23-2293-00

The following examples are not coding samples. Rather, they demonstrate how to construct the input parameter list for a number of requests.

Example 1: Connect user JOSEPH to the FINANCE group with various authorities.

Function code = ADMN_CONNECT 
* First, define the request header
HEADER  DS 0H
        DC AL1(6)         Length of user
        DC CL8'JOSEPH'    User name
        DC AL1(0)         Reserved byte 
        DC AL2(0)         Not used on input
        DC AL2(1)         Number of segments (BASE only)
* First segment entry - BASE
BSEG    DC CL8'BASE'      BASE segment entry
        DC CL1'Y'         Flag byte - Y - create segment
        DC AL2(4)         Field count - 4
* First BASE segment field entry
BFLD1   DC CL8'GROUP'     Group field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(7)         Length of field data
        DC CL7'FINANCE'   Field data
* Second BASE segment field entry
BFLD2   DC CL8'AUTH'      Authority field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(7)         Length of field data
        DC CL7'CONNECT'   Field data
* Third BASE segment field entry
BFLD3   DC CL8'AUDITOR'   Auditor field
        DC CL1'Y'         Flag byte - Y - boolean value
        DC AL2(0)         No field data for booleans
* Fourth BASE segment field entry
BFLD4   DC CL8'UACC'      Universal access field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(6)         Length of field data
        DC CL6'UPDATE'    Field data

Example 2: This is the same as example 1, but is shown in "rows", where a single line represents the request header, and individual segment and field entries. This convention will be used from this point on.

Function code = ADMN_CONNECT 
HEADER  DC AL1(6),CL8'JOSEPH',AL1(0),AL2(0),AL2(1)
BSEG    DC CL8'BASE',CL1'Y',AL2(4)
BFLD1   DC CL8'GROUP',CL1'Y',AL2(7),CL7'FINANCE'
BFLD2   DC CL8'AUTH',CL1'Y',AL2(7),CL7'CONNECT'
BFLD3   DC CL8'AUDITOR',CL1'Y',AL2(0)
BFLD4   DC CL8'UACC',CL1'Y',AL2(6),CL6'UPDATE'

Example 3: Alter JOSEPH's connection to FINANCE to remove the AUDITOR attribute and define a revoke and resume date.

Function code = ADMN_CONNECT 
HEADER  DC AL1(6),CL8'JOSEPH',AL1(0),AL2(0),AL2(1)
BSEG    DC CL8'BASE',CL1'Y',AL2(4)
BFLD1   DC CL8'GROUP',CL1'Y',AL2(7),CL7'FINANCE'
BFLD2   DC CL8'AUDITOR',CL1'N',AL2(0)
BFLD3   DC CL8'REVOKE',CL1'Y',AL2(7),CL7'8/29/05'
BFLD4   DC CL8'RESUME',CL1'Y',AL2(6),CL6'9/8/05'

Example 4: Remove JOSEPH's connection to FINANCE.

Function code = ADMN_REMOVE 
HEADER  DC AL1(6),CL8'JOSEPH',AL1(0),AL2(0),AL2(1)
BSEG    DC CL8'BASE',CL1'Y',AL2(1)
BFLD1   DC CL8'GROUP',CL1'Y',AL2(7),CL7'FINANCE'
Parent topic: Group connection administration

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014