You can control the users who can be switched in a trusted
connection by defining an external security profile in RACF® and authorizing users to use the profile.
Procedure
To define an external security profile in RACF:
- Create a general resource profile in RACF for the DSNR class by issuing the following
command:
RDEFINE DSNR (TRUSTEDCTX.PROFILE1) UACC(NONE)
- Add users to the TRUSTEDCTX.PROFILE1 profile and define
their level of access authority by issuing the following command:
PERMIT TRUSTEDCTX.PROFILE1 CLASS(DSNR) ID(USER1 USER2) ACCESS(READ)
- Associate the profile with the trusted context definition
by using the EXTERNAL SECURITY PROFILE keyword in the trusted context
user clause definition.
Results
You can remove users who can be switched in a trusted connection
individually from the TRUSTEDCTX.PROFILE1 profile in RACF. You can also remove all users by simply
dissociating the profile from the trusted context definition.