Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Protecting ISMF functions z/OS DFSMSdfp Storage Administration SC23-6860-01 |
|
You can use RACF® authorization to limit access to the following categories of ISMF functions:
ISMF relies on the RACF program control feature to protect many of its applications. The RACF program control feature prevents unauthorized end users from running selected ISMF programs. To use the feature, you must activate the RACF Program Class and define your selected ISMF programs to RACF. With RACF program control
you can set up authorization levels for each of these categories,
varying the level within a particular category to suit the needs of
your installation. Individual end users can execute an ISMF function
if one of the following conditions is true:
Recommendation: Protect
these functions with RACF program
control to make sure that only particular users can use the storage
administrator applications and functions. Because a TSO/E user can
change his user mode level, as this information is contained in the
user's ISPF profile, protect the functions at a different level than
user mode level.
The RACF program
resource
class allows the security administrator to protect various ISMF applications
and functions with program control. This is achieved by controlling
the access to load modules which are invoked by:
The load modules reside in the following
libraries:
If the installation moves these modules to another load library, the installation-defined load library must be used in the program protection. To protect a load module, use the RDEFINE RACF command. The syntax of this
command is:
See z/OS Security Server RACF Security Administrator's Guide for a detailed description of how to use the RACF program control features. |
Copyright IBM Corporation 1990, 2014
|