Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Permitting profiles for GENERICOWNER classes z/OS Security Server RACF Command Language Reference SA23-2292-00 |
|||||||||||||||||||||||||||||||
GENERICOWNER gives an installation the ability of restricting CLAUTH users from creating profiles in a class. In order to do this, a top-level ** profile is defined. This profile is owned by the system administrator and this profile blocks all non-SPECIAL users from creating profiles. A permitting profile must be defined for each CLAUTH user. Each profile defines the subset of resources in the class that the user is allowed to create. When a CLAUTH user attempts to define a resource, a search is made for a less-specific (permitting) profile that covers the profile being defined. This less-specific profile is a profile that matches the more specific profile name, character for character, up to the ending * or ** or ending contiguous % characters in the less-specific name. This definition might appear simple, but is not exactly what you might expect in comparison to the preceding section.
|
Copyright IBM Corporation 1990, 2014
|