z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling access to all fields in the DFP segment of data set profiles

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can define a profile that allows you to control access to all fields in the DFP segment of all data set profiles. Before you define this profile, generic profile checking for the FIELD class must be active. If generic profile checking is not active, issue the SETROPTS GENERIC(FIELD) command. To define this profile, issue the RDEFINE command and specify DATASET.DFP.* for profile-name as shown in the following example: 
RDEFINE FIELD DATASET.DFP.* UACC(NONE)
Note: When you specify a UACC of NONE, you prevent all users from accessing the DFP segment in all data set profiles, including data set profiles that they own. Likewise, if you specify a UACC of READ, you allow all users to read the information contained in all fields of the DFP segment for all data set profiles.
If the FIELD class is not yet RACLISTed, you must enter the following command after you define or alter the profile: 
SETROPTS RACLIST(FIELD)
If the FIELD class is already RACLISTed, you must refresh the profiles with the following command after you define or alter the profile: 
SETROPTS RACLIST(FIELD) REFRESH
Parent topic: Defining profiles for field-level access checking

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014