Defining who can create, modify, or delete DTCN profiles

Profile owners can always create, modify or delete their own profiles. However, you can define, through RACF® profiles, other users that can modify or delete any profiles. This might be useful, for example, if you want a system administrator to delete unused or obsolete profiles owned by a user that no longer has access to those profiles.

Only the security administrator of the z/OS® system can add or remove IDs to the RACF profiles. After you identify the IDs of the users you want to have this access, do these steps:
  1. Establish the profile in the FACILITY class by entering the following RDEFINE command: 
    RDEFINE FACILITY EQADTOOL.DTCNCHNGEANY UACC(NONE)
  2. Verify that generic profile checking is in effect for the class FACILITY by entering the following command: 
    SETROPTS GENERIC(FACILITY)
  3. Give a user (for example, user DUSER1) permission to modify another user's profiles by entering the following command: 
    PERMIT EQADTOOL.DTCNCHNGEANY CLASS(FACILITY) ID(DUSER1) ACCESS(UPDATE)
    Instead of connecting individual users, you can specify that DUSER1 be a RACF group profile and then connect authorized users to that group.
  4. If the FACILITY class is not active, activate the class by entering the following command: 
    SETROPTS CLASSACT(FACILITY)
    Enter the SETROPTS LIST command to verify that the FACILITY class is active.
  5. Refresh the FACILITY class by entering the following command: 
    SETROPTS RACLIST(FACILITY) REFRESH