Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Overview of the class descriptor table z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|||||||||
The RACF® class descriptor
table (CDT) contains the names and attributes of the resource classes
that can be used on your RACF system.
There are up to three sets of class descriptor entries that comprise
the CDT.
Together, the supplied CDT entries in module ICHRRCDX and the installation-defined CDT entries in module ICHRRCDE are known as the static CDT. They are considered static entries because changes to these RACF modules are not effective until the next system IPL. The dynamic CDT consists of the set of entries that you administer using RACF commands. These entries are effective without an IPL. Dynamic CDT entries are created from profiles that you define in the CDT general resource class. (The names of the profiles you define in the CDT class become new classes in the dynamic CDT.) RACF authorization checking processes the dynamic CDT as a logical extension of the static CDT. This topic describes how to administer dynamic CDT entries using general resource profiles in the CDT class.
Your installation should not change or delete entries in ICHRRCDX. You can update ICHRRCDE but use of this module is not the preferred method for adding installation-defined resources classes. If your installation has already installed and updated ICHRRCDE, you are not required to remove or update this module. However, consider migrating your static CDT entries from ICHRRCDE to the dynamic CDT. See Migrating to the dynamic CDT. |
Copyright IBM Corporation 1990, 2014
|