z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Example of setting up an execute-controlled library

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

The following sequence of RACF® commands illustrates one way you can set up an execute-controlled library. Assume the program is member XCLPGM in program library KBROWN.PGMLIB2.
  1. If program control is not active, enter: 
    SETROPTS WHEN(PROGRAM)

    After program control is active, it remains active until your installation deactivates it by issuing the SETROPTS command with the NOWHEN(PROGRAM) operand.

  2. Define a data set profile to protect the private program library by issuing the ADDSD command with the appropriate operands. The following command defines a data set profile to protect program library KBROWN.PGMLIB2. The command assigns a UACC of EXECUTE to allow all users to execute but not otherwise access the library. 
    ADDSD 'KBROWN.PGMLIB2' UACC(EXECUTE)
  3. Define a specific profile in the PROGRAM class that protects the controlled program. The following command identifies only program XCLPGM as a controlled program.
    RDEFINE PROGRAM XCLPGM ADDMEM('KBROWN.PGMLIB2'/VOL6A/NOPADCHK)
    Note: If you intend to run in ENHANCED program security mode, add APPLDATA('MAIN') to this RDEFINE command.
  4. Refresh the in-storage program control tables by issuing the following command.
    SETROPTS WHEN(PROGRAM) REFRESH

    This ensures that the changes take effect immediately.

Parent topic: Examples of controlling programs and using PADS

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014