Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Activating program control (WHEN(PROGRAM) option) z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
If you have the SPECIAL attribute, you can activate program control by
using the WHEN(PROGRAM) operand of the SETROPTS command. When program
control is active, RACF® provides
access control to load modules, and program access to data sets and
SERVAUTH resources. The following example shows how to specify this
option:
Access control to load modules allows only authorized users to load and execute specified load modules (programs). RACF uses profiles in the PROGRAM general resource class to control access to programs. Program access to data sets allows an authorized user or group of users to access specified data sets in conjunction with the user's authority to execute a certain program. That is, some users can access specified data sets at a specified access level only while executing a certain program. Program access to SERVAUTH class resources allows an authorized user or group of users to access certain IP addresses in conjunction with the user's authority to execute a certain program. That is, some users can access specified IP addresses at a specified access level only while executing a certain program. If you have the SPECIAL attribute, you can also deactivate program control by using the NOWHEN(PROGRAM) operand on the SETROPTS command. NOWHEN(PROGRAM) is in effect when a RACF database
is first initialized using IRRMIN00.
Note:
For more information, see Protecting programs.
|
Copyright IBM Corporation 1990, 2014
|