Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Controlling Catalog Functions with RACF Profiles in the FACILITY Class z/OS DFSMS Managing Catalogs SC23-6853-00 |
|
By defining and controlling access to profiles in the FACILITY class, you can control who can use certain catalog functions. Besides defining these profiles, you must activate the FACILITY class for these functions to be protected. These profiles can be assigned to an owner. For example, the person responsible for managing catalogs can be assigned ownership of these profiles. A profile owner can then list, modify, or delete the profiles as needed. The following RACF® commands
show how to define a FACILITY profile, authorize a user to perform
the functions restricted by the profile, and activate the FACILITY
class. The profile defined is IGG.CATLOCK, which is assigned to user
CATADMIN, and user USER01 is authorized to use the profile.
The RDEFINE command creates
the profile and gives it a universal access authority (UACC) of NONE.
Because READ authority to the profile allows a user to perform the
protected function, you must use a UACC of NONE to limit the use of
the protected function. The PERMIT command is used to authorize the
appropriate users or groups to perform the protected function. If
the FACILITY class is already active, the SETROPTS command is not
necessary. |
Copyright IBM Corporation 1990, 2014
|