You can limit the use of PPRC commands by defining resource profiles in the RACF® FACILITY class and restricting access to those profiles. To use a protected command, you need read-access authority to the applicable profile.
Table 1 lists the PPRC commands and the facility class profiles that can restrict them. See the z/OS Security Server RACF Security Administrator's Guide for details on activating the RACF facility class, and defining and authorizing users to the PPRC command profiles.
Command | Profile Name |
---|---|
CDELPAIR | STGADMIN.ANT.PPRC.COMMANDS |
CDELPATH | |
CESTPAIR | |
CESTPATH | |
CGROUP | |
CQUERY | |
CRECOVER | |
CSUSPEND | |
PSETCHAR | |
CQUERY | STGADMIN.ANT.PPRC.CQUERY |
Note: Authorize
CQUERY command use with the STGADMIN.ANT.PPRC.COMMANDS profile or
the STGADMIN.ANT.PPRC.CQUERY profile. PPRC first checks STGADMIN.ANT.PPRC.COMMANDS
for authorization. If authorization is not permitted with the STGADMIN.ANT.PPRC.COMMANDS
profile, PPRC checks the STGADMIN.ANT.PPRC.CQUERY profile for authorization
to issue the CQUERY command.
|
SETROPTS CLASSACT(FACILITY)
RDEFINE FACILITY STGADMIN.ANT.PPRC.COMMANDS UACC(NONE)
PERMIT STGADMIN.ANT.PPRC.COMMANDS CLASS(FACILITY) -
ID(STGADMIN) ACCESS(READ)