If you have the SPECIAL attribute, you can specify that RACF® provides access authorization checking for general resource classes. You can specify this option for selected general resource classes with the CLASSACT operand of the SETROPTS command.

SETROPTS CLASSACT(TERMINAL CONSOLE)

RACF prevents you from activating all classes using the SETROPTS CLASSACT(*) operand. Guideline: Do not activate all RACF classes. Activate only the classes that are important to your installation. This is because some classes have a default return code of 8. For those classes, activate them only after you define the resource profiles to allow needed access.

For information on activating protection for specific general resource classes, check the index of this document for the class name.

If you have the SPECIAL attribute, you can also specify the NOCLASSACT operand on the SETROPTS command. This operand indicates that RACF performs no access authorization checking for selected general resource classes. If you specify NOCLASSACT(*), RACF does not perform access authorization checking for any of the classes in the class descriptor table (CDT). However, you can still define resource profiles to RACF through the RDEFINE command.