z/OS Security Server RACF Callable Services
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Examples

z/OS Security Server RACF Callable Services
SA23-2293-00

The following examples are not coding samples. Rather, they demonstrate how to construct the input parameter list for a number of requests.

Example 1: Permit group FINANCE to the DATASET profile named 'CORP.SALES.*' with READ access. 
* First, define the request header
HEADER  DS 0H
        DC AL1(7)         Length of class
        DC CL8'DATASET'   Class name 
        DC AL1(0)         Reserved byte 
        DC AL2(0)         Not used on input
        DC AL2(1)         Number of segments (BASE only)
* First segment entry - BASE
BSEG    DC CL8'BASE'      BASE segment entry
        DC CL1'Y'         Flag byte - Y - create segment
        DC AL2(3)         Field count - 3
* First BASE segment field entry
BFLD1   DC CL8'PROFILE'   Profile name - required!
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(14)        Length of field data
        DC CL14'''CORP.SALES.*'''   Field data
* Second BASE segment field entry
BFLD2   DC CL8'ID'        Id field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(7)         Length of field data
        DC CL7'FINANCE'   Field data
* Third BASE segment field entry
BFLD3   DC CL8'ACCESS'    Access field
        DC CL1'Y'         Flag byte - Y - create field
        DC AL2(4)         Length of field data
        DC CL4'READ'      Field data

Example 2: This is the same as example 1, but is shown in "rows", where a single line represents the request header, and individual segment and field entries. This convention will be used from this point on.

Function code = ADMN_PERMIT 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(1)
BSEG    DC CL8'BASE',CL1'Y',AL2(3)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(14),CL14'''CORP.SALES.*'''
BFLD2   DC CL8'ID',CL1'Y',AL2(7),CL7'FINANCE'
BFLD3   DC CL8'ACCESS',CL1'Y',AL2(4),CL4'READ'

Example 3: Permit the SALES group with UPDATE access to the DATASET in the previous example, but only when logged on to a specific terminal.

Function code = ADMN_PERMIT 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(1)
BSEG    DC CL8'BASE',CL1'Y',AL2(4)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(14),CL14'''CORP.SALES.*'''
BFLD2   DC CL8'ID',CL1'Y',AL2(5),CL5'SALES'
BFLD3   DC CL8'ACCESS',CL1'Y',AL2(6),CL6'UPDATE'
BFLD4   DC CL8'WHENTERM',CL1'Y',AL2(8),CL8'TERMID01'

Example 4: Remove the access list entry for the FINANCE group.

Function code = ADMN_PERMIT 
HEADER  DC AL1(7),CL8'DATASET',AL1(0),AL2(0),AL2(1)
BSEG    DC CL8'BASE',CL1'Y',AL2(3)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(14),CL14'''CORP.SALES.*'''
BFLD2   DC CL8'ID',CL1'Y',AL2(7),CL7'FINANCE'   
BFLD3   DC CL8'DELETE',CL1'Y',AL2(0)

Example 5: Reset the access list for the BPX.SUPERUSER profile in the FACILITY class.

Function code = ADMN_PERMIT 
HEADER  DC AL1(7),CL8'FACILITY',AL1(0),AL2(0),AL2(1)
BSEG    DC CL8'BASE',CL1'Y',AL2(2)
BFLD1   DC CL8'PROFILE',CL1'Y',AL2(13),CL13'BPX.SUPERUSER'
BFLD2   DC CL8'RESET',CL1'Y',AL2(0)
Parent topic: General resource profile administration

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014