z/OS DFSMShsm Implementation and Customization Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Protecting DFSMShsm user macros with RACF FACILITY class profiles

z/OS DFSMShsm Implementation and Customization Guide
SC23-6869-01

A security administrator can create the following fully qualified discrete profiles (Table 1) to authorize or deny the use of DFSMShsm macro interface commands issued via a macro interface. Additionally, the DFSMShsm implicit processing is detailed in Table 2.

Table 1. RACF FACILITY Class Profiles for DFSMShsm User Macros
Macro / interface name RACF® FACILITY class resource name
ARCXTRCT STGADMIN.ARC.ENDUSER.HLIST
ARCHRCLL STGADMIN.ARC.ENDUSER.HRECALL
ARCFMWE No protection
ARCHBACK STGADMIN.ARC.ENDUSER.HBACKDS
ARCHBDEL STGADMIN.ARC.ENDUSER.HBDELETE
ARCHDEL STGADMIN.ARC.ENDUSER.HDELETE
ARCHMIG STGADMIN.ARC.ENDUSER.HMIGRATE
ARCHRCOV STGADMIN.ARC.ENDUSER.HRECOVER
ARCHSEND No protection. Instead, the command sent by ARCHSEND is checked by the appropriate profile.
Table 2. RACF FACILITY Class Profiles for DFSMShsm Implicit Processing
Implicit process RACF FACILITY class resource name
Implicit recall Protected by user's authority to data set being recalled.
Implicit delete, roll-off For GDG, protected by user's authority to the data set.
Parent topic: RACF FACILITY class profiles for DFSMShsm

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014