You can limit the use of PPRC commands by defining resource profiles in the RACF® FACILITY class and restricting access to those profiles. To use a protected command, you need read-access authority to the applicable profile.
Table 1 lists the PPRC commands and the facility class profiles that can restrict them. See the z/OS Security Server RACF Security Administrator's Guide for details on activating the RACF facility class, and defining and authorizing users to the PPRC command profiles.
| Command | Profile Name |
|---|---|
| CDELPAIR | STGADMIN.ANT.PPRC.COMMANDS |
| CDELPATH | |
| CESTPAIR | |
| CESTPATH | |
| CGROUP | |
| CQUERY | |
| CRECOVER | |
| CSUSPEND | |
 PSETCHAR |
|
| CQUERY | STGADMIN.ANT.PPRC.CQUERY |
| Note: Authorize
CQUERY command use with the STGADMIN.ANT.PPRC.COMMANDS profile or
the STGADMIN.ANT.PPRC.CQUERY profile. PPRC first checks STGADMIN.ANT.PPRC.COMMANDS
for authorization. If authorization is not permitted with the STGADMIN.ANT.PPRC.COMMANDS
profile, PPRC checks the STGADMIN.ANT.PPRC.CQUERY profile for authorization
to issue the CQUERY command.
|
|
Examples: The
following examples activate the RACF FACILITY
class, define the profile for the PPRC commands, and give user STGADMIN
authority to use this profile:
- This example activates the RACF FACILITY
class:
SETROPTS CLASSACT(FACILITY) - This example defines the profile for PPRC commands, and authorizes
user STGADMIN to use this profile:
RDEFINE FACILITY STGADMIN.ANT.PPRC.COMMANDS UACC(NONE) PERMIT STGADMIN.ANT.PPRC.COMMANDS CLASS(FACILITY) - ID(STGADMIN) ACCESS(READ)