Protecting ICKDSF commands with RACF
You can protect certain ICKDSF commands by defining FACILITY class resource profiles and restricting access to those profiles. Table 1 shows these commands and their associated RACF class profiles. Protection of an ICKDSF command occurs when the following conditions are met:
- RACF FACILITY class is active
- The FACILITY class profile has been defined
When FACILITY class is active and one of the profiles shown in Table 1 is defined, you need access authority to that profile in order to use the associated command. Otherwise, any user can use that command.
| ICKDSF Command | FACILITY Class Profile Name |
|---|---|
| ANALYZE | STGADMIN.ICK.ANALYZE |
| BUILDIX | STGADMIN.ICK.BUILDIX |
| CONTROL | STGADMIN.ICK.CONTROL |
| CPVOLUME | STGADMIN.ICK.CPVOLUME |
| FLASHCOPY | STGADMIN.ICK.FLASHCPY |
| INIT | STGADMIN.ICK.INIT |
| INSPECT | STGADMIN.ICK.INSPECT |
| INSTALL | STGADMIN.ICK.INSTALL |
| IODELAY | STGADMIN.ICK.IODELAY |
| PPRCOPY | STGADMIN.ICK.PPRCOPY |
| REFORMAT | STGADMIN.ICK.REFORMAT |
| REVAL | STGADMIN.ICK.REVAL |
| TRKFMT | STGADMIN.ICK.TRKFMT |
Note: For additional information on FACILITY class profiles, refer to z/OS Security Server RACF Security Administrator's Guide.