z/OS Security Server RACF Callable Services
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Examples

z/OS Security Server RACF Callable Services
SA23-2293-00

The following examples are not coding samples. Rather, they demonstrate how to construct the input parameter list for a number of requests.

Example 1: Define a discrete data set profile with a security label of SECRET and a DFP segment.
Note:
  • The profile name is identified as a (required) field in the BASE segment.
  • For fields which take quoted data (for example, installation data), the quotes must be included as part of the data.
  • Since the data set name is not quoted, it will be prefixed with the creator's user ID.
Function code = ADMN_ADD_DS 
* First, define the request header
HEADER  DS 0H
        DC AL1(7)         Length of class
        DC CL8'DATASET'   Class name - optional for DATASET
        DC AL1(0)         Reserved byte 
        DC AL2(0)         Not used on input
        DC AL2(2)         Number of segments (BASE+DFP)
* First segment entry - BASE
BSEG    DC CL8'BASE'      BASE segment entry
        DC CL1'Y'         Flag byte - Y - create segment
        DC AL2(4)         Field count - 4
* First BASE segment field entry
BFLD1   DC CL8'PROFILE'   Profile name - required!
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(9)         Length of field data
        DC CL9'TEST.DATA' Field data
* Second BASE segment field entry
BFLD2   DC CL8'VOLUME'    Volume field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(6)         Length of field data
        DC CL6'D79PK5'    Field data
* Third BASE segment field entry
BFLD3   DC CL8'UNIT'      Unit field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(4)         Length of field data
        DC CL4'3390'      Field data
* Fourth BASE segment field entry
BFLD4   DC CL8'SECLABEL'  Security label field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(6)         Length of field data
        DC CL6'SECRET'    Field data
* Second segment entry - DFP
DSEG    DC CL8'DFP'       DFP segment entry
        DC CL1'Y'         Flag byte - Y - create segment
        DC AL2(1)         Field count - 1
* First DFP segment field entry
DFLD1   DC CL8'RESOWNER'  Resource owner field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(5)         Length of field data
        DC CL5'MAURA'     Field data

Example 2: This is the same as example 1, but is shown in "rows", where a single line represents the request header, and individual segment and field entries. This convention will be used from this point on.

Function code = ADMN_ADD_DS 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(2)       
BSEG    DC CL8'BASE',CL1'Y',AL2(4)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(9),CL9'TEST.DATA'
BFLD2   DC CL8'VOLUME',CL1'Y',AL2(6),CL6'D79PK5'
BFLD3   DC CL8'UNIT',CL1'Y',AL2(4),CL4'3390'
BFLD4   DC CL8'SECLABEL',CL1'Y',AL2(6),CL6'SECRET'
DSEG    DC CL8'DFP',CL1'Y',AL2(1)
DFLD1   DC CL8'RESOWNER',CL1'Y',AL2(5),CL5'MAURA'

Example 3: Define a fully qualified generic data set profile, explicitly specifying a high level qualifier by enclosing the profile name in quotes. Model the profile based on the profile defined in the previous example.

Function code = ADMN_ADD_DS 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(1)       
BSEG    DC CL8'BASE',CL1'Y',AL2(4)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(18),CL18'''DEPT06.TEST.DATA'''
BFLD2   DC CL8'GENERIC',CL1'Y',AL2(0)
BFLD3   DC CL8'FROM',CL1'Y',AL2(9),CL9'TEST.DATA'
BFLD4   DC CL8'FVOLUME',CL1'Y',AL2(6),CL6'D79PK5'

Example 4: Modify the owner of the profile defined in the previous example. Also, place the profile into warning mode, and remove the security label. Delete the DFP segment, in case it exists.

Function code = ADMN_ALT_DS 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(2)       
BSEG    DC CL8'BASE',CL1'Y',AL2(5)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(18),CL18'''DEPT06.TEST.DATA'''
BFLD2   DC CL8'GENERIC',CL1'Y',AL2(0)
BFLD3   DC CL8'OWNER',CL1'Y',AL2(5),CL5'MIKEO'
BFLD4   DC CL8'SECLABEL',CL1'N',AL2(0)
BFLD5   DC CL8'WARNING',CL1'Y',AL2(0)
DSEG    DC CL8'DFP',CL1'N',AL2(0)

Example 5: Display the contents of a generic data set profile and list the catalogued data set names for which it offers protection. Also, display the DFP segment.

Function code = ADMN_LST_DS 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(2)       
BSEG    DC CL8'BASE',CL1'Y',AL2(2)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(11),CL11'''IBMUSER.*'''
BFLD2   DC CL8'DSNS',CL1'Y',AL2(0)
DSEG    DC CL8'DFP',CL1'Y',AL2(0)

Example 6: Delete the data set profile from example 4.

Function code = ADMN_DEL_DS 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(1)       
BSEG    DC CL8'BASE',CL1'Y',AL2(2)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(18),CL18'''DEPT06.TEST.DATA'''
BFLD2   DC CL8'GENERIC',CL1'Y',AL2(0)
Parent topic: General resource profile administration

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014