Defining Profiles for General Resources

To protect a general resource, use the RDEFINE command to define a general resource profile. You can also use the ISPF panels to define general resource profiles.

When you create a general resource profile, you must specify the class name and the profile name. For example:

RDEFINE  class-name  profile-name

Any time you wish to refer to the profile (for example, when changing its access list), you must give the profile name and class name.

Examples in this book also include the UACC (universal access authority):

RDEFINE  class-name  profile-name  UACC(universal-access-authority)

UACC is usually shown as NONE. This prevents all users not otherwise specified in the access list from accessing the resource.

Usually, you will also issue the PERMIT command to set up the access list in the profile. A sample PERMIT command is:

PERMIT  profile-name  CLASS(class-name)
        ID(user or group)  ACCESS(access-authority)

When you enter the RDEFINE command, you can specify much more than just profile name, class name, and UACC. In most cases, RACF® provides appropriate defaults for this additional information. Where additional information is necessary for the profile (such as specifying the ADDMEM operand for resource grouping profiles), this book gives examples and describes appropriate values. Some of the additional operands that you might consider specifying are:

OWNER—The user ID or group name of the owner of the profile
NOTIFY—A user ID to be notified when access attempts fail
AUDIT—Whether access attempts are to be logged, and if so, at which level.

Other operands are available. For a complete list of the operands for the RDEFINE command, see z/VM: RACF Security Server Command Language Reference.