Authorizing DTST transaction to modify storage
Note: This section is not applicable to IBM® Developer z/OS® (non-Enterprise Edition) or IBM Z and Cloud Modernization Stack (Wazi Code).
This topic describes the steps you must take to authorize the DTST transaction to modify either USER-key storage, CICS-key storage, or both. DTST does not allow users to modify Key-0 storage.
The following resources control DTST authorizations:
- EQADTOOL.DTSTMODUSERK, which controls the ability to modify USER-key storage.
- EQADTOOL.DTSTMODCICSK, which controls the ability to modify CICS-key storage.
- Establish profiles in the FACILITY class by entering the following
RDEFINE commands:
RDEFINE FACILITY EQADTOOL.DTSTMODUSERK UACC(NONE) RDEFINE FACILITY EQADTOOL.DTSTMODCICSK UACC(NONE)
- Verify that generic profile checking is in effect for the class
FACILITY by entering the following command:
SETROPTS GENERIC(FACILITY)
- Give a user permission to
modify USER-key, CICS-key storage, or both by entering one or both
of the following commands, where DUSER1 is the name of a RACF-defined
user or group profile:
Instead of connecting individual users, the security administrator can specify DUSER1 to be a RACF® group profile and then connect authorized users to the group.PERMIT EQADTOOL.DTSTMODUSERK CLASS(FACILITY) ID(DUSER1) ACCESS(UPDATE) PERMIT EQADTOOL.DTSTMODCICSK CLASS(FACILITY) ID(DUSER1) ACCESS(UPDATE)
- If the FACILITY class is not active, activate the class by entering
the following
SETROPTS
command:
Enter theSETROPTS CLASSACT(FACILITY)
SETROPTS LIST
command to verify that FACILITY class is active. - Refresh the FACILITY class by entering the following
SETROPTS RACLIST
command:SETROPTS RACLIST(FACILITY) REFRESH