z/OS DFSMStvs Planning and Operating Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


RACF RDEFINE coding

z/OS DFSMStvs Planning and Operating Guide
SC23-6877-00

You can define the generic profile to cover all the log streams referenced by a DFSMStvs instance. For example, issue the command: RDEFINE LOGSTRM tvsname.** UACC(NONE). The tvsname is in the form of IGWTVnnn.

The examples in Figure 1 give access to three categories of users:
Figure 1. Example of an RACF PERMIT command
PERMIT tvsname.** CLASS(LOGSTRM) ACCESS(UPDATE)
            ID(smsvsam_userid)
PERMIT tvsname.** CLASS(LOGSTRM) ACCESS(READ)
            ID(authorized_browsers)
PERMIT tvsname.** CLASS(LOGSTRM) ACCESS(UDPATE)
            ID(archive_userid)
In these examples, smsvsam_userid is the user ID of the VSAM RLS address space in which DFSMStvs makes its calls to the system logger. The number of profiles you define depends on the following criteria:
  • The naming convention that you used for the logs
  • The extent to which you can use generic profiling

DFSMStvs also writes to forward recovery log streams and a log of logs that is used to optimize forward recovery. To protect these log streams, code the appropriate RDEFINE commands and PERMIT commands for each of them.

For all forward recoverable data sets that DFSMStvs accesses, grant DFSMStvs access to these logs:
  • The log of logs
  • The forward recovery log streams

Each of these log streams requires update authority for each of the other log streams. For example, issue the commands shown in Figure 2:

Figure 2. Example of RACF RDEFINE commands
     RDEFINE LOGSTRM FORWARD.RECOVERY.**  UACC(NONE)
     RDEFINE LOGSTRM FR.LOG.**   UACC(NONE)
     RDEFINE LOGSTRM LOG.OF.LOGS  UACC(NONE)
     PERMIT  FOWARD.RECOVERY.** CLASS(LOGSTRM) ACCESS(UPDATE)
            ID(smsvsam_userid)
     PERMIT  FR.LOG.**  CLASS(LOGSTRM) ACCESS(UPDATE)
            ID(smsvsam_userid)
     PERMIT  LOG.OF.LOGS  CLASS(LOGSTRM) ACCESS(UPDATE)
            ID(smsvsam_userid)
For peer recovery to be possible, grant the VSAM RLS server the authority to read and write to the log streams of the DFSMStvs instances on other systems. Issue the commands shown in Figure 3 to grant the VSAM RLS server authority:
Figure 3. Example of RACF commands to grant VSAM RLS authority to read and write log streams
     PERMIT IGWTV001.** CLASS(LOGSTRM) ACCESS(UPDATE)
            ID(smsvsam_userid)
     PERMIT IGWTV002.** CLASS(LOGSTRM) ACCESS(UPDATE)
            ID(smsvsam_userid)
Parent topic: Authorizing access to log streams

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014