To control the ability to perform functions associated with storage
management, define profiles in the FACILITY class whose profile names
begin with STGADMIN (storage administration). The STGADMIN.IGG profiles
are intended only for SMS data sets.
If defined, these profiles are checked before a user is allowed
to perform the protected function; users must have READ access to
the specific profile in order to use the protected function. If these
profiles are not defined, other RACF® checking
is still performed to verify authority.
Note that the following STGADMIN.IGG profiles
are checked with LOG=NONE, so the authorization check writes no audit record:
- STGADMIN.IGG.DELNVR.NOBCSCHK
- STGADMIN.IGG.DEFDEL.UALIAS
- STGADMIN.IGG.DEFINE.RECAT
- STGADMIN.IGG.DELETE.RENAME
Some FACILITY profiles are not checked if the caller is using the
system key or is running in supervisor state. These profiles are:
- STGADMIN.IGG.DEFDEL.UALIAS
- STGADMIN.IGG.DEFNVSAM.NOBCS
- STGADMIN.IGG.DEFNVSAM.NONVR
- STGADMIN.IGG.DELETE.NOSCRTCH
- STGADMIN.IGG.DELGDG.FORCE
- STGADMIN.IGG.DELGDG.RECOVERY
- STGADMIN.IGG.DELNVR.NOBCSCHK
- STGADMIN.IGG.DIRCAT
- STGADMIN.IGG.LIBRARY
- STGADMIN.IGG.DEFINE.RECAT
Define the following FACILITY class profiles to protect catalog functions. For
a complete list of STGADMIN profiles, see
z/OS DFSMSdfp Storage Administration.
- STGADMIN.IDC.DIAGNOSE.CATALOG: protects the ability to use the access
method services DIAGNOSE command against catalogs.
- STGADMIN.IDC.DIAGNOSE.VVDS: protects the ability to use the access
method services DIAGNOSE command against a VVDS when a comparison is
made to a BCS.
- STGADMIN.IDC.EXAMINE.DATASET: protects the ability to use the access
method services EXAMINE command on catalogs.
- STGADMIN.IGG.ALTER.SMS: controls the ability to alter the storage class
and management class of an SMS-managed data set. If the profile is not
defined, the user must have RACF authority to the storage class and the
management class in order to alter them. To use this profile, the
administrator must have ALTER access to the data set whose storage or
management class is to be changed.
- STGADMIN.IGG.ALTER.UNCONVRT: protects the ability to alter an
SMS-managed catalog data set to an unmanaged catalog data set.
- STGADMIN.IGG.DEFDEL.UALIAS: allows you to define or delete an alias
related to a user catalog without further authorization checking.
- STGADMIN.IGG.DEFNVSAM.NOBCS: controls the ability to define or alter an
NVR for a data set without affecting the BCS entry, if one exists. This
profile is checked only by authorized services that use the LOCATE
macro, not by utilities such as IDCAMS.
- STGADMIN.IGG.DEFNVSAM.NONVR: controls the ability to define or alter
the BCS entry for a data set without affecting the VVDS entry, if one
exists. This profile is checked only by authorized services that use the
LOCATE macro, not by utilities such as IDCAMS.
- STGADMIN.IGG.DELETE.NOSCRTCH: protects the ability to delete the BCS
entry for an SMS-managed data set without deleting the data set itself
(for example, using DELETE NOSCRATCH). This protects against functions
that uncatalog data sets.
- STGADMIN.IGG.DELGDG.FORCE: protects the ability to use DELETE FORCE on
a generation data group that contains an SMS-managed generation data
set. DELETE GDG FORCE deletes the SMS generation data sets referenced by
the generation data group and also removes the generation data group
entry from the catalog.
- STGADMIN.IGG.DELGDG.RECOVERY: protects the ability to delete a
generation data group with the RECOVERY option. This command deletes the
generation data group entry from the catalog and uncatalogs the SMS
generation data sets; the generation data sets remain unaffected in the
VTOC and, if SMS-managed, in the VVDS.
- STGADMIN.IGG.DELNVR.NOBCSCHK: protects the ability to delete the VVDS
entry (the NVR) of an SMS-managed non-catalog data set while bypassing
the catalog name and BCS entry checking. If a BCS entry exists, or if
the catalog name recorded in the NVR does not match the catalog named in
the request, the function is denied unless the user has authority to
this profile.
- STGADMIN.IGG.DIRCAT: protects the ability to direct a catalog request
to a specific catalog, bypassing the normal catalog search. A directed
catalog request is one in which the catalog name is explicitly passed to
catalog management in the CATALOG parameter of an access method services
command.
  Note on catalog requests in SMS: in an SMS environment, all catalog
requests against SMS-managed data sets should be satisfied by the normal
catalog search order. You must be authorized to this facility class in
order to direct a catalog request to a specific catalog, unless you are
using one of the following commands:
  - LISTCAT
  - DEFINE ALIAS of a user catalog
  - IMPORT CONNECT
  - EXPORT CONNECT
  - LISTCAT LEVEL, and other catalog commands that list the catalog in a
generic manner
- STGADMIN.IGG.DLVVRNVR.NOCAT: protects the ability to delete a VVR or
NVR that has no associated catalog. Users with RACF READ authority to
this facility class need no other RACF authority to the master catalog
to perform the DELETE NVR or DELETE VVR functions.
  Note: Access to this facility class should be restricted to users who
understand the risk involved in deleting a VVR or NVR entry from a VVDS.
- STGADMIN.IGG.DELETE.RENAME: controls the ability to delete data set
entries flagged as "rename in progress". Attempts without this facility
class against data sets flagged in this manner receive message IDC3009I
with return code 90 and reason code 54. For users with RACF READ
authority to this facility class who issue a DELETE, the "rename in
progress" flag is ignored and the entry is deleted. This facility class
is intended for maintenance purposes.
- STGADMIN.IGG.LIBRARY: protects the ability to DEFINE, DELETE or ALTER
tape library and tape volume entries.
- STGADMIN.IGG.DEFINE.RECAT: controls the ability to DEFINE RECATALOG a
data set without having any authorization to the data set. The only data
set authorization required is:
  - Users must have ALTER authority to the target and source catalog
while performing a REPRO MERGECAT
  - Users must have UPDATE authority to the target catalog while
performing a DEFINE RECATALOG
  The primary purpose of this RACF facility class is REPRO MERGECAT
command processing. Historically, REPRO MERGECAT processing had a
security restriction in which Catalog Management required the catalog
administrator who executes the REPRO MERGECAT command to have ALTER
authority to the data set(s). With this RACF facility class, the REPRO
MERGECAT function does not require ALTER authority to the data set(s)
being moved.
  To use the REPRO MERGECAT command, you need the following RACF setup:
  - ALTER authority to both the source and target catalogs
  - READ authority to the following RACF facility classes:
    - STGADMIN.IGG.DELETE.NOSCRTCH
    - STGADMIN.IGG.DEFINE.RECAT
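The following batch TSO job is an added example, not taken from this page or from IBM; it shows the FACILITY profile definition and READ grant described at the top of this topic, applied to the two profiles the REPRO MERGECAT setup above requires, together with the ALTER grants on the source and target catalogs. The group name CATADMIN and the catalog names SYS1.UCAT.SRC and SYS1.UCAT.TGT are assumptions, as is the existence of DATASET profiles that cover both catalogs.

```jcl
//STGADMIN JOB (ACCT),'MERGECAT RACF SETUP',CLASS=A,MSGCLASS=X
//* Added example, not from the IBM page. Assumed names:
//*   CATADMIN       RACF group of catalog administrators
//*   SYS1.UCAT.SRC  source user catalog for REPRO MERGECAT
//*   SYS1.UCAT.TGT  target user catalog for REPRO MERGECAT
//* DATASET profiles covering both catalogs are assumed to exist.
//* Step 1: make sure the FACILITY class is active and RACLISTed.
//* Step 2: define both STGADMIN profiles with UACC(NONE) so that
//*         nobody has access by default, and audit READ attempts.
//* Step 3: grant READ on the profiles and ALTER on the catalogs
//*         to the administrator group only.
//* Step 4: refresh the in-storage profiles, then list the access
//*         lists and every STGADMIN.IGG profile for verification.
//RACF     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
 SETROPTS CLASSACT(FACILITY) RACLIST(FACILITY)
 RDEFINE FACILITY STGADMIN.IGG.DELETE.NOSCRTCH UACC(NONE) -
         AUDIT(ALL(READ))
 RDEFINE FACILITY STGADMIN.IGG.DEFINE.RECAT UACC(NONE) -
         AUDIT(ALL(READ))
 PERMIT STGADMIN.IGG.DELETE.NOSCRTCH CLASS(FACILITY) -
        ID(CATADMIN) ACCESS(READ)
 PERMIT STGADMIN.IGG.DEFINE.RECAT CLASS(FACILITY) -
        ID(CATADMIN) ACCESS(READ)
 PERMIT 'SYS1.UCAT.SRC' CLASS(DATASET) ID(CATADMIN) ACCESS(ALTER)
 PERMIT 'SYS1.UCAT.TGT' CLASS(DATASET) ID(CATADMIN) ACCESS(ALTER)
 SETROPTS RACLIST(FACILITY) REFRESH
 RLIST FACILITY STGADMIN.IGG.DELETE.NOSCRTCH AUTHUSER
 RLIST FACILITY STGADMIN.IGG.DEFINE.RECAT AUTHUSER
 SEARCH CLASS(FACILITY) FILTER(STGADMIN.IGG.**)
/*
```

Two points worth checking in the SYSTSPRT output: the RLIST AUTHUSER lines should show only CATADMIN with READ and a universal access of NONE, and the SEARCH output lists every STGADMIN.IGG profile so a stray generic profile with a higher UACC is easy to spot. Note that STGADMIN.IGG.DEFINE.RECAT is one of the profiles this topic says is checked with LOG=NONE, so the AUDIT(ALL(READ)) setting on it will not produce SMF records for that check; STGADMIN.IGG.DELETE.NOSCRTCH is not in that list, so successful and failed READ checks against it are logged as configured.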