Disabling DBRC security for the RECON data set in test environments
If you copy the RECON data set from your production environment into your test environment, you can disable DBRC security for the test copy of the RECON data set.
Disabling DBRC security, which secures the RECON data set against the unauthorized use of DBRC commands and API requests, can make working with copies of the production RECON data sets in the test environment easier and can also be useful during problem determination.
Disabling DBRC security does not disable or otherwise affect the security checking performed by other security products, such as RACF®.
To disable DBRC security checking for a copy of a RECON data set:
Procedure
- Specify a 1- to 44-character substring of
the data set name of the secured RECON data set in the rcnqual parameter
of the CMDAUTH keyword on either an INIT.RECON or CHANGE.RECON DBRC
command. Because security checking is still active at this point, you need proper security authorization to issue the INIT.RECON or CHANGE.RECON command.
- Define a new data set with a name that does not contain the character string specified in the rcnqual parameter.
- Copy the secured RECON data set into the new data set.
When the text string in rcnqual parameter does not match any portion of the RECON data set name, security checking for the copy of the RECON data set is disabled.
Examples
The following commands provide examples of specifying the rcnqual parameter.
CHANGE.RECON CMDAUTH(SAF,SAFHLQ1,IMSTESTS.DSHR)INIT.RECON CMDAUTH(SAF,SAFHLQ1,IMSTESTS.DSHR)
The example below shows the status listing for
a RECON data set in which security has been disabled. The string shown
in the RCNQUAL field, IMSTESTS.DSHR, which could
have been set by either one of the command examples above, does not
match exactly any part of the name of the COPY1 RECON data set, IMSTESTS.COPYDSHR.RECON1.
RECON
REORG NUMBER VERIFICATION=NO
LOG RETENTION PERIOD=00.001 00:00:00.0
COMMAND AUTH=SAF HLQ=SAFHLQ1
RCNQUAL = IMSTESTS.DSHR
ACCESS=SERIAL LIST=STATIC
SIZALERT DSNUM=15 VOLNUM=16 PERCENT= 95
LOGALERT DSNUM=3 VOLNUM=16
TIME STAMP INFORMATION:
TIMEZIN = %SYS
OUTPUT FORMAT: DEFAULT = LOCORG NONE PUNC YY
CURRENT = LOCORG NONE PUNC YY
IMSPLEX = ** NONE ** GROUP ID = ** NONE **
-DDNAME- -STATUS- -DATA SET NAME-
RECON1 COPY1 IMSTESTS.COPYDSHR.RECON1
RECON2 COPY2 IMSTESTS.COPYDSHR.RECON2
RECON3 SPARE IMSTESTS.COPYDSHR.RECON3
NUMBER OF REGISTERED DATABASES = 7 The
example below shows the status listing for a RECON data set in which
security is active. In this example, the string shown in the RCNQUAL
field, IMSTESTS.DSHR, does match a part of the name
of the COPY1 RECON data set, IMSTESTS.DSHR.RECON1.
RECON
REORG NUMBER VERIFICATION=NO
LOG RETENTION PERIOD=00.001 00:00:00.0
COMMAND AUTH=SAF HLQ=SAFHLQ1
RCNQUAL = IMSTESTS.DSHR
ACCESS=SERIAL LIST=STATIC
SIZALERT DSNUM=15 VOLNUM=16 PERCENT= 95
LOGALERT DSNUM=3 VOLNUM=16
TIME STAMP INFORMATION:
TIMEZIN = %SYS
OUTPUT FORMAT: DEFAULT = LOCORG NONE PUNC YY
CURRENT = LOCORG NONE PUNC YY
IMSPLEX = ** NONE ** GROUP ID = ** NONE **
-DDNAME- -STATUS- -DATA SET NAME-
RECON1 COPY1 IMSTESTS.DSHR.RECON1
RECON2 COPY2 IMSTESTS.DSHR.RECON2
RECON3 SPARE IMSTESTS.DSHR.RECON3
NUMBER OF REGISTERED DATABASES = 7