|
This summary presents the steps required by RACF® to define general
resource profiles. Note that specific instructions for most resources
supported by the supplied general resource classes are contained elsewhere
in this document. - Determine which resources are to be protected by the profile.
This involves the following information:
- Create the general resource profile using the RDEFINE command:
RDEFINE classname profile-name other-operands
Note: To
change a general resource profile, use the RALTER command.
- If specific users or groups are to have specific
access to the resource, use the PERMIT command to create one or both
of the access lists:
Note: - Access authorities that you can specify with UACC or specifically
assign to users vary from class to class, and are described in the
topics of this document that describe the specific classes.
- Not all classes are described in this document. (For example,
the DSNR class is not described in this document.) Also, in some classes
(notably the FACILITY class), the access required by some resource
managers to specific profiles is described in the documentation of
the resource manager. Therefore, go to that resource manager to find
the descriptions of that class. (In the case of DSNR, which is used
by DB2®, see RACF and DB2.)
- The profile creator might be automatically added to the access
list with ALTER authority. For more information, see Automatic addition of creator's user ID to access list.
- If you have not already done so, activate the resource class:
SETROPTS CLASSACT(classname)
- For performance benefits, consider doing one of the following:
- Allow all users on the system to have access to the resource at some level (such as READ
or UPDATE) by creating a global access checking table entry that has
a name similar to the new resource profile.
See Setting up the global access checking table.
- Reduce I/O to the RACF database
by requesting that RACF keep all profiles in the class in storage:
SETROPTS RACLIST(classname)
Note: This
is required for some classes.
|