Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Activating generic profile checking and generic command processing z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
If you have the SPECIAL attribute, you can activate or deactivate generic
profile checking for a class. You can specify this option with the
GENERIC and NOGENERIC operands of the SETROPTS command. The following
example shows how to activate generic profile checking for the DATASET
class.
Guidelines:
If you want to perform maintenance on the generic profiles in
the RACF database, you might
want to temporarily deactivate generic profile checking but allow RACF command processors to update
generic profiles. You can specify this environment with the NOGENERIC
and GENCMD operands of the SETROPTS command. The following example
shows how to specify this environment for the DATASET class.
NOGENERIC and NOGENCMD are in effect when a RACF database is first initialized using IRRMIN00. If there is a global access checking table entry of $RACUID.**/ALTER for data sets, users can create unprotected data sets even if PROTECTALL is in effect. However, other users are not allowed to access those data sets. |
Copyright IBM Corporation 1990, 2014
|