When you create a profile in the DATASET class, you can create
either a discrete or generic profile.
Choose a
generic profile for the following reasons:
- If you want to protect more than one data set with the same security
requirements. The data sets protected by a generic profile must have
some identical characters in their names. The profile name contains
one or more generic characters (*, **,
or %).
- If you have a single data set that might be deleted, then recreated,
and you want the protection to remain the same, you can create a fully
qualified generic profile. The name of a fully qualified generic profile
matches the name of the data set it protects. Unlike a discrete profile,
a fully qualified generic profile is not deleted when the data set
itself is deleted.
Choose a
discrete profile for the following reasons:
- To protect one data set that has unique security requirements.
The name of a discrete profile matches the name of the data set it
protects.
- To allow changes to a data set profile to take effect immediately,
without needing to refresh in-storage copies of the profile.
Note: - All of the members of a partitioned data set are protected by
one profile, the profile that protects the data set.
- All of the components of a VSAM data set are protected by one
profile, the profile that protects the cluster name. You do not need
to create profiles that protect the index and data components of a
cluster.
- For a generic profile, unit and volume information is ignored
because the data sets that are protected under the generic profile
can reside on many different volumes.
z/OS Security Server RACF Security Administrator's Guide
Copyright IBM Corporation 1990, 2014