RACF-protecting all data sets (PROTECTALL option)
z/OS Security Server RACF Security Administrator's Guide SA23-2289-00
If you have the SPECIAL attribute, you can activate PROTECTALL processing
by using the PROTECTALL operand of the SETROPTS command. If PROTECTALL
is active, a user can create or access a data set only if the data
set is RACF-protected by either a discrete or generic profile, or the
access is allowed by global access checking. Note that if PROTECTALL
is in effect, generic profile checking should also be in effect for
the DATASET class. Otherwise, users can create only data sets that
are protected by discrete profiles. The following examples show how
to specify these options:
Note:
PROTECTALL also has a warning option that allows the request even
though the data set is not protected, but sends a warning message
to the user and the MVS™ console.
For example:
Guideline: Before using PROTECTALL(WARNING), perform the
following actions to reduce the number of messages generated:
Note:
PROTECTALL applies to all data sets that do not have system-generated temporary names and that do not have names that begin with **SYSUT. You can extend PROTECTALL to include temporary data sets with system-generated names by using the naming conventions table to modify the name that RACF uses to look like a permanent name. If your installation uses nonstandard names for temporary data sets, you must also predefine entries in the global access checking table that allow these data sets to be created and accessed.
If you have the SPECIAL attribute, you can also deactivate PROTECTALL processing by using the NOPROTECTALL operand. NOPROTECTALL is in effect when RACF is first initialized.
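The operands described in this topic, put in the order an administrator might stage them. This is an added example, not text from the IBM guide; the PAYROLL high-level qualifier and its profile are hypothetical, and the sequence assumes enhanced generic naming (SETROPTS EGN) is already active.

```tso
/* Added example: staged PROTECTALL rollout, as it could appear in a   */
/* CLIST run by a user with the SPECIAL attribute.                     */
/* PAYROLL is a hypothetical high-level qualifier. It must already be  */
/* a RACF user ID or group name, and the '**' form assumes EGN is on.  */

/* 1. Activate generic profile checking for the DATASET class, so that */
/*    users are not limited to data sets with discrete profiles.       */
SETROPTS GENERIC(DATASET)

/* 2. Cover existing data sets with a generic profile before turning   */
/*    PROTECTALL on, then refresh the in-storage generic profiles.     */
ADDSD 'PAYROLL.**' UACC(NONE)
SETROPTS GENERIC(DATASET) REFRESH

/* 3. Warning option: requests against unprotected data sets are still */
/*    allowed, but the user and the MVS console receive a warning.     */
/*    Use the warnings to find data sets that still need profiles.     */
SETROPTS PROTECTALL(WARNING)

/* 4. Display the current options to confirm the PROTECTALL setting.   */
SETROPTS LIST

/* 5. Enforce: create and access requests now fail unless a discrete   */
/*    or generic profile, or global access checking, covers the data   */
/*    set.                                                             */
SETROPTS PROTECTALL(FAILURES)

/* Back-out: return to the setting in effect when RACF is first        */
/* initialized.                                                        */
SETROPTS NOPROTECTALL
```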
Copyright IBM Corporation 1990, 2014