Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Granting access authorities z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|||||||||
You can grant (or deny) user or group access to a RACF-protected resource either explicitly, by assigning the specific user or group access authority with the appropriate command, or implicitly, with the universal access authority (UACC). Each resource that you protect with RACF® requires a UACC, which is the default access authority
for the resource. All users in the system who are not specifically
authorized in the access list of that resource profile, except users
defined with the RESTRICTED attribute, can still access the resource
with the authority specified by UACC (unless the UACC is NONE). These
users include users not defined to RACF.
Note: Users with the RESTRICTED attribute can access the
resource when they are specifically authorized in the access list
with the sufficient authority.
If you specifically assign a user or group an access authority to a resource, the specified authority overrides the UACC specified for the resource. Valid authorities that you can specify with UACC or specifically assign to users or groups vary from class to class, and are described in the topics of this document that describe the specific classes. Note: Not all classes are described in this document. (For example,
the DSNR class is not described in this document.) Also, in some classes,
the access required by some resource managers to specific profiles
is described in the documentation of the resource manager.
Table 1 shows additional meanings for several access authorities for general resources.
|
Copyright IBM Corporation 1990, 2014
|