To control who can delete a particular module from dynamic LPA,
the RACF® security administrator
can take the following steps:
- To establish a profile for the library name for the FACILITY class,
issue RDEFINE:
RDEFINE FACILITY CSVDYLPA.DELETE.modname UACC(NONE)
where
modname is
the name of the module to delete from the LPA. For example,
MYMODULE
You
can use generic characters for the qualifiers in the module name.
For example,
CSVDYLPA.DELETE.M*
If
you have RACF 1.9 or higher
installed, you can use the following generic to cover all module names:
CSVDYLPA.DELETE.**
To ensure that
generic profile checking is in effect for the class FACILITY, issue
the following command:
SETROPTS GENERIC(FACILITY)
- To permit the user (in this example user OPER1) to delete module
m from the LPA, issue the following:
PERMIT CSVDYLPA.DELETE.m CLASS(FACILITY) ID(OPER1) ACCESS(UPDATE)
OPER1
must be the name of a RACF-defined user or group profile.
Note: Instead
of specifying individual userids, you can specify the name of a RACF group profile and connect
authorized users to the group. See
Defining RACF profiles.
- If the FACILITY class is not already active, issue the SETROPTS
command as follows:
SETROPTS CLASSACT(FACILITY)
(To
ensure that the FACILITY class is active, you can issue the SETROPTS
LIST command.)
- To refresh the FACILITY resource class, issue SETROPTS RACLIST:
SETROPTS RACLIST(FACILITY) REFRESH