z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Example of defining the IEAABD.DMPAUTH profile

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

  1. Define a profile that protects the resource IEAABD.DMPAUTH in the FACILITY class: 
    RDEFINE FACILITY IEAABD.DMPAUTH UACC(NONE)
  2. If you want to give a user an access authority that is different from the one you specified on the RDEFINE command (in this example, an access authority of READ), enter: 
    PERMIT IEAABD.DMPAUTH CLASS(FACILITY) ID(ASMITH) ACCESS(READ)
    When you specify an access authority on either the RDEFINE command or PERMIT command, RACF® allows access to program dumps as follows:
    • A user who has UPDATE or greater authority to the IEAABD.DMPAUTH resource can always obtain program dumps, unless there is an OPEN data set protected by PADS..
    • A user who has READ authority to the IEAABD.DMPAUTH resource can obtain program dumps unless a program was fetched from a library to which the user has only EXECUTE authority. A user cannot obtain a dump of a program to which the user has only EXECUTE authority.

      For more information, see Using EXECUTE access for programs and libraries in ENHANCED mode.

    • A user who has less than READ authority to the IEAABD.DMPAUTH resource can never obtain program dumps of address spaces that contain controlled programs.
Parent topic: Protecting program dumps using the FACILITY class

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014