z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Protecting the vector facility

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

If your processor has a vector facility, you can use RACF® to protect it.

To do this, perform the following steps.
  1. Define the IEAVECTOR profile in the FACILITY class. 
    RDEFINE FACILITY IEAVECTOR UACC(NONE)

    This command specifies that no users can use the vector facility.

  2. Give READ access authority to appropriate users or groups. 
    PERMIT IEAVECTOR CLASS(FACILITY) ID(user or group) ACCESS(READ)
  3. Activate the FACILITY class (if it is not already active).
    SETROPTS CLASSACT(FACILITY)

If your installation does not need to control the use of the vector facility, you can define an entry for IEAVECTOR in the global access checking table. Global access checking allows your installation to bypass normal RACF authorization checking and, thereby, minimize processing.

To define an entry for the vector facility in the global access checking table, issue the following commands. 
RDEFINE  GLOBAL FACILITY
RALTER   GLOBAL FACILITY ADDMEM(IEAVECTOR/READ)
SETROPTS GLOBAL(FACILITY)

For more information, see Setting up the global access checking table.

Parent topic: Protecting general resources

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014