Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
DASD volume authority z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
By defining profiles in the DASDVOL class, you can define DASD volumes to RACF® and authorize users to perform maintenance operations (such as dump, restore, scratch, and rename) without having access to the data set profiles protecting the data sets. (If a user does not have the necessary DASDVOL authority, he or she must have the necessary authority in the DATASET class to each of the data sets on the volume.) The access authority that you give to a user depends on the product
that the user is using:
As an alternative to assigning the OPERATIONS or group-OPERATIONS attribute, DASDVOL authority allows you to authorize operations personnel to access only those volumes that they must maintain. Using DASDVOL authority is also more efficient for functions such as volume dumping, because only one authorization check for the volume needs to be issued, instead of individual requests for each data set on the volume. For a description of the OPERATIONS attribute, see The OPERATIONS attribute. If the volume serials do not readily allow the use of * or % as generic characters in DASDVOL profile names, consider creating profiles in the GDASDVOL class. See Creating resource group profiles. |
Copyright IBM Corporation 1990, 2014
|