z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling access to all fields in the DFP segment of group profiles

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can define a profile that allows you to control access to all fields in the DFP segment of all group profiles. Before you define the following profile, generic profile checking for the FIELD class must be active. If it is not active, issue the SETROPTS GENERIC(FIELD) command before you define the generic profile. To define this profile, issue the RDEFINE command and specify GROUP.DFP.* for profile-name as shown in the following example:
RDEFINE FIELD GROUP.DFP.* UACC(NONE)
Note: When you specify a UACC of NONE, you prevent all users from accessing the DFP segment in all group profiles, including their current connect group. Likewise, if you specify a UACC of READ, you allow all users to read the information contained in all fields of the DFP segment for all group profiles.
If the FIELD class is not yet RACLISTed, you must enter the following command after you define or alter the profile: 
SETROPTS RACLIST(FIELD)
If the FIELD class is already RACLISTed, you must refresh the profiles with the following command after you define or alter the profile: 
SETROPTS RACLIST(FIELD) REFRESH
Parent topic: Defining profiles for field-level access checking

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014