z/OS Security Server RACF Security Administrator's Guide


Steps for restricting access to a zFS file system

SA23-2289-00

Before you begin: For each zFS file system, ask the z/OS® UNIX administrator for the name of the MVS™ data set where the file system is stored.

Perform the following steps to restrict access to a zFS file system.
  1. Define a profile in the FSACCESS class to protect each zFS file system. The profile name is the name of the MVS data set that contains the file system.
    Example:
    RDEFINE FSACCESS OMVS.ZFS.WEBSRV.TOOLS UACC(NONE)

    If multiple file systems are stored in data sets with similar names, you can define a generic profile name to protect multiple file systems. Before you define a generic profile in the FSACCESS class, enable generics for the class, as follows.

    Example:
    SETROPTS GENERIC(FSACCESS)
    RDEFINE FSACCESS OMVS.ZFS.WEBSRV.** UACC(NONE)

    ______________________________________________________________________

  2. Authorize selected users and groups with UPDATE access.
    Example:
    PERMIT OMVS.ZFS.WEBSRV.TOOLS CLASS(FSACCESS) ID(GROUPB USER19) ACCESS(UPDATE)

    ______________________________________________________________________

  3. Activate your profile changes in the FSACCESS class, as follows.
    • If the FSACCESS class is not already active, activate and RACLIST it.
      Example:
      SETROPTS CLASSACT(FSACCESS) RACLIST(FSACCESS)
    • If the FSACCESS class is already active and RACLISTed, refresh it.
      Example:
      SETROPTS RACLIST(FSACCESS) REFRESH

    ______________________________________________________________________

You have now restricted access to a zFS file system to only the specified users and groups.
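The three steps above can be run as one batch TSO job, followed by a check of the result. This is an added example, not part of the IBM documentation. The job card values are placeholders, and it assumes that the FSACCESS class is not yet active and that the submitter is authorized to issue these RACF commands.

```jcl
//RACFZFS  JOB (ACCT),'RESTRICT ZFS',CLASS=A,MSGCLASS=X
//* Job card above is a placeholder; use your installation's values.
//* Runs the RACF commands from steps 1-3 under the TSO terminal
//* monitor program, then lists the results for review.
//TSO      EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
 /* Step 1: profile named after the MVS data set, no default access */
 RDEFINE FSACCESS OMVS.ZFS.WEBSRV.TOOLS UACC(NONE)

 /* Step 2: build the access list BEFORE the class is activated,   */
 /* so the intended users and groups are authorized from the start */
 PERMIT OMVS.ZFS.WEBSRV.TOOLS CLASS(FSACCESS) -
   ID(GROUPB USER19) ACCESS(UPDATE)

 /* Step 3: class not yet active, so activate and RACLIST it.      */
 /* If it is already active and RACLISTed, use instead:            */
 /*   SETROPTS RACLIST(FSACCESS) REFRESH                           */
 SETROPTS CLASSACT(FSACCESS) RACLIST(FSACCESS)

 /* Verify: UACC should be NONE and the access list should show    */
 /* only GROUPB and USER19, each with UPDATE                       */
 RLIST FSACCESS OMVS.ZFS.WEBSRV.TOOLS AUTHUSER

 /* Verify: FSACCESS should appear among the active classes and    */
 /* among the RACLISTed classes in the SETROPTS output             */
 SETROPTS LIST
/*
```

Review the SYSTSPRT output before relying on the restriction: an unexpected ID on the access list or a UACC other than NONE means the profile does not match what the steps intended.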





Copyright IBM Corporation 1990, 2014