Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Restricting IXLCONN access to XCF catalog and note pad structures z/OS MVS Setting Up a Sysplex SA23-1399-00 |
|
By default, any programs that run in supervisor state or PKM allowing keys 0 to 7 can use the IXLCONN macro to establish XES connections to the XCF catalog and note pad structures. However, the data in these structures is managed solely by XCF, and allowing other programs to access the data directly through established XES connections could cause serious data integrity issues. IBM suggests that installations use Security Authorization Facility (SAF) to restrict access to the XCF catalog and note pad structures. No additional action is needed to grant XCF access. Note that restricting access to a note pad structure does not prohibit a program from accessing the note pads hosted in that note pad structure. See Authorizing XCF note pad requests for more information on defining security profiles to control access to XCF note pads. The following steps describe how the RACF® security administrator can define RACF profiles to control the use of XCF catalog and note pad structures:
For example, if an installation wants to restrict access to the XCF catalog structure, the security administrator can use the following commands:
See z/OS Security Server RACF Security Administrator's Guide for information about RACF. |
Copyright IBM Corporation 1990, 2014
|