z/OS DFSMS Managing Catalogs
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling Catalog Functions with RACF Profiles in the FACILITY Class

z/OS DFSMS Managing Catalogs
SC23-6853-00

By defining and controlling access to profiles in the FACILITY class, you can control who can use certain catalog functions. Besides defining these profiles, you must activate the FACILITY class for these functions to be protected.

These profiles can be assigned to an owner. For example, the person responsible for managing catalogs can be assigned ownership of these profiles. A profile owner can then list, modify, or delete the profiles as needed.

The following RACF® commands show how to define a FACILITY profile, authorize a user to perform the functions restricted by the profile, and activate the FACILITY class. The profile defined is IGG.CATLOCK, which is assigned to user CATADMIN, and user USER01 is authorized to use the profile. 
    RDEFINE  FACILITY  IGG.CATLOCK  UACC(NONE) OWNER(CATADMIN)

    PERMIT  CLASS(FACILITY)  IGG.CATLOCK  ID(USER01) ACCESS(READ)

    SETROPTS CLASSACT(FACILITY)
The RDEFINE command creates the profile and gives it a universal access authority (UACC) of NONE. Because READ authority to the profile allows a user to perform the protected function, you must use a UACC of NONE to limit the use of the protected function. The PERMIT command is used to authorize the appropriate users or groups to perform the protected function. If the FACILITY class is already active, the SETROPTS command is not necessary.
Parent topic: Resource Access Control Facility (RACF) Protection

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014