z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Adding a dynamic class that shares a POSIT value

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

To add a new class to the dynamic CDT that you will administer together with another class, add the new class with the same POSIT value as the other class. (See Processing options that are controlled by a shared POSIT value for details about the RACF® processing options that are controlled together for classes that share a POSIT value.)

For example, if you have an existing class called PONIES8 (either in the dynamic CDT or in ICHRRCDE) with a unique POSIT number (301, for example), you might add a new class called HORSES8, a class related to PONIES8, and logically requiring the same RACF processing options.

Assume that you have already activated the following SETROPTS options for the existing PONIES8 class:
  • CLASSACT
  • RACLIST
  • AUDIT
When you execute the RDEFINE CDT command to add the new HORSES8 class to the CDT, specify the POSIT number as 301 (the same as for PONIES8). When you refresh the dynamic CDT, all of the same RACF processing options that are in effect for class PONIES8 will automatically be in effect for the new class HORSES8, except SETROPTS RACLIST. The SETROPTS RACLIST(HORSES8) command must be issued separately for the HORSES8 class because a new dataspace must be built.
Rules:
  1. If you want SETROPTS RACLIST active for a new class, you must execute the SETROPTS RACLIST command after you define the new class to build its new associated dataspace.
  2. If SETROPTS GENLIST is active for a new class, you must execute the SETROPTS GENLIST command after you define the new class to build its associated in-storage profiles.
After the dataspace has been built initially, you can issue either one of the following commands to refresh RACLISTed profiles in both the HORSES8 and PONIES8 classes.
  • SETROPTS RACLIST(HORSES8) REFRESH or
  • SETROPTS RACLIST(PONIES8) REFRESH
Further, by issuing either one of the following commands, you activate global access checking for both the PONIES8 and the HORSES8 classes.
  • SETROPTS GLOBAL(HORSES8) or
  • SETROPTS GLOBAL(PONIES8)
Similarly, by issuing either one of the following commands, you activate STATISTICS for both the PONIES8 and the HORSES8 classes.
  • SETROPTS STATISTICS(PONIES8) or
  • SETROPTS STATISTICS(HORSES8)

Any number of classes can share the same POSIT number. For example, a third class called MARES8 could be added and could also share POSIT number 301 with PONIES8 and HORSES8.

Parent topic: Administering the dynamic class descriptor table (CDT)

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014