z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Controlling access to all fields in the DFP segment of user profiles

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

You can define a profile that lets you control access to all of the fields in the DFP segment of all user profiles. Before you define this profile, generic profile checking for the FIELD class must be active. If generic profile checking is not active, issue the SETROPTS GENERIC(FIELD) command.

To define this profile, issue the RDEFINE command with a generic profile name. For example, enter: 
RDEFINE FIELD USER.DFP.* UACC(NONE)
Note: When you specify a UACC of NONE, you prevent all users from accessing the DFP segment in all user profiles, including their own. Likewise, if you specify a UACC of READ, you allow all users to read the information contained in all fields of the DFP segment for all user profiles.
If the FIELD class is not yet RACLISTed, you must enter the following command after you define or alter the profile: 
SETROPTS RACLIST(FIELD)
If the FIELD class is already RACLISTed, you must refresh the profiles with the following command after you define or alter the profile: 
SETROPTS RACLIST(FIELD) REFRESH
Parent topic: Defining profiles for field-level access checking

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014