z/OS DFSMShsm Implementation and Customization Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


ABARS comprehensive RACF FACILITY class authorization

z/OS DFSMShsm Implementation and Customization Guide
SC23-6869-01

You can use the following commands to authorize a person to issue the ABACKUP and ARECOVER commands globally, for all aggregates and DFSMS does not check that persons authority for each data set that is processed.

If you specify . . . Then . . .
RDEFINE FACILITY STGADMIN.ARC.ABACKUP UACC(NONE)

PERMIT STGADMIN.ARC.ABACKUP CLASS(FACILITY) ID(userid) ACCESS(READ)

 You define a comprehensive RACF® FACILITY class under which the person who is associated with userid can issue the ABACKUP command.
RDEFINE FACILITY STGADMIN.ARC.ARECOVER UACC(NONE)

PERMIT STGADMIN.ARC.ARECOVER CLASS(FACILITY) ID(userid) ACCESS(READ)

 You define a comprehensive RACF FACILITY class under which the person who is associated with userid can issue the ARECOVER command.

If your installation uses generic profiles then checking is done for the most specific profile first, and if your generic profile grants access to that profile, then you have restricted access. It is suggested that you define STGADMIN.ARC.ABACKUP.* UACC(NONE) for the generic profile and grant users specific access to their aggregates on an individual basis. ARECOVER processing is the same in regards to comprehensive and restrictive resources when processing generic profiles. See your security administrator or refer to z/OS Security Server RACF Security Administrator's Guide for more information.

Parent topic: Creating the RACF FACILITY class profiles for ABARS

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014