Define the data set profiles

READ access for users and ALTER for system programmers is sufficient for most Developer for z/OS® data sets. Replace the #sysprog placeholder with valid user IDs or RACF® group names. Also, ask the system programmer who installed and configured the product for the correct data set names. FEL is the default high-level qualifier used during installation and FEL.#CUST is the default high-level qualifier for data sets created during the customization process.

  • ADDGROUP (FEL) OWNER(IBMUSER) SUPGROUP(SYS1) 
DATA('IBM Developer for z/OS - HLQ STUB')
                       
  • ADDSD  'FEL.*.**' UACC(READ) 
DATA('IBM Developer for z/OS')
  • PERMIT 'FEL.*.**' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
  • SETROPTS GENERIC(DATASET) REFRESH
Notes:
  • Protect FEL.SFELLPA against updates because this data set is loaded into LPA, which is APF authorized by default.
  • The sample commands in this publication and in the FELRACF job assume that Enhanced Generic Naming (EGN) is active. When EGN is active, the ** qualifier can be used to represent any number of qualifiers in the DATASET class. Substitute ** with * if EGN is not active on your system. For more information about EGN, see Security Server RACF Security Administrator's Guide (SA22-7683).
Some of the Developer for z/OS components require additional security data set profiles. Replace the #sysprog and #ram-developer placeholders with valid user ID’s or RACF group names:
  • CARMA RAM (Repository Access Manager) developers require UPDATE access to the CARMA VSAMs, FEL.#CUST.CRA*. 
    • ADDSD  'FEL.#CUST.CRA*.**' UACC(READ) 
DATA('IBM Developer for z/OS - CARMA')
                        
    • PERMIT 'FEL.#CUST.CRA*.**' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
    • PERMIT 'FEL.#CUST.CRA*.**' CLASS(DATASET) ACCESS(UPDATE) ID(#ram-developer)
    • SETROPTS GENERIC(DATASET) REFRESH