Granting RACF access to payroll operations to a RACF group

To provide the SELECT, INSERT, UPDATE, and DELETE privileges on the PAYDEPT view to payroll workers, permit RACF READ access to the profiles that define those privileges.

Procedure

  1. Define a discrete RACF profile for each of the SELECT, INSERT, UPDATE, and DELETE privileges on the view for payroll workers, PAYDEPT, in the class for views, MDSNTB, with a default access of none (UACC(NONE)).
  2. Permit access to the RACF profile to individual managers.
  3. Refresh the profiles in the MDSNTB class.

Example

To define the RACF profiles for the SELECT, INSERT, UPDATE, and DELETE privileges on the PAYDEPT table in subsystem DB2A, and grant access to the PAYOPS group, use the following statements:
RDEFINE MDSNTB DB2A.SYSADM.PAYDEPT.SELECT UACC(NONE)
RDEFINE MDSNTB DB2A.SYSADM.PAYDEPT.INSERT UACC(NONE)
RDEFINE MDSNTB DB2A.SYSADM.PAYDEPT.UPDATE UACC(NONE)
RDEFINE MDSNTB DB2A.SYSADM.PAYDEPT.DELETE UACC(NONE)
PERMIT DB2A.SYSADM.PAYDEPT.SELECT CLASS(MDSNTB) ID(PAYOPS) ACC(READ)
PERMIT DB2A.SYSADM.PAYDEPT.INSERT CLASS(MDSNTB) ID(PAYOPS) ACC(READ)
PERMIT DB2A.SYSADM.PAYDEPT.UPDATE CLASS(MDSNTB) ID(PAYOPS) ACC(READ)
PERMIT DB2A.SYSADM.PAYDEPT.DELETE CLASS(MDSNTB) ID(PAYOPS) ACC(READ)
SETROPTS RACLIST(MDSNTB) REFRESH
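
The following check is an added example, not part of the original documentation or any IBM tooling. It reviews a script of the statements above before it is run, flagging any privilege whose profile is missing or not defined with UACC(NONE), any privilege with no READ permit for the group, and profile changes made after the last refresh. The function name `audit`, its parameters, and the sample input are assumptions made for illustration; only ACC(READ) or ACCESS(READ) permits are counted.

```python
import re

# Constructed input: the page's statements with deliberate mistakes.
SAMPLE = """\
RDEFINE MDSNTB DB2A.SYSADM.PAYDEPT.SELECT UACC(NONE)
RDEFINE MDSNTB DB2A.SYSADM.PAYDEPT.INSERT UACC(READ)
RDEFINE MDSNTB DB2A.SYSADM.PAYDEPT.UPDATE UACC(NONE)
PERMIT DB2A.SYSADM.PAYDEPT.SELECT CLASS(MDSNTB) ID(PAYOPS) ACC(READ)
PERMIT DB2A.SYSADM.PAYDEPT.INSERT CLASS(MDSNTB) ID(PAYOPS) ACC(READ)
SETROPTS RACLIST(MDSNTB) REFRESH
PERMIT DB2A.SYSADM.PAYDEPT.DELETE CLASS(MDSNTB) ID(PAYOPS) ACC(READ)
"""

def audit(script, prefix="DB2A.SYSADM.PAYDEPT", group="PAYOPS", cls="MDSNTB",
          privileges=("SELECT", "INSERT", "UPDATE", "DELETE")):
    """Return (target, problem) findings for a script of RACF commands."""
    uacc, readers, pending = {}, {}, False
    for line in script.upper().splitlines():
        words = line.split()
        if not words:
            continue
        opts = dict(re.findall(r"(\w+)\(([^)]*)\)", line))
        if words[0] == "RDEFINE" and words[1:2] == [cls] and len(words) > 2:
            uacc[words[2]] = opts.get("UACC")  # None when UACC is omitted
            pending = True
        elif words[0] == "PERMIT" and opts.get("CLASS") == cls and len(words) > 1:
            if (opts.get("ACC") or opts.get("ACCESS")) == "READ":
                ids = opts.get("ID", "").replace(",", " ").split()
                readers.setdefault(words[1], set()).update(ids)
            pending = True
        elif words[0] == "SETROPTS" and opts.get("RACLIST") == cls and "REFRESH" in words:
            pending = False  # in-storage profiles are current again
    findings = []
    for priv in privileges:
        profile = f"{prefix}.{priv}"
        if profile not in uacc:
            findings.append((profile, "no RDEFINE in this script"))
        elif uacc[profile] != "NONE":
            findings.append((profile, "UACC is not explicitly NONE"))
        if group not in readers.get(profile, set()):
            findings.append((profile, f"no READ permit for {group}"))
    if pending:
        findings.append((cls, "profile changes after the last RACLIST REFRESH"))
    return findings

if __name__ == "__main__":
    for target, problem in audit(SAMPLE):
        print(f"{target}: {problem}")
```

Run against the nine statements exactly as shown in the example, `audit` returns an empty list.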