If you create a profile in the TERMINAL or GTERMINL class, you must give users
at least READ access authority in order to allow them to use the protected
terminal.
- To protect a terminal using RACF®,
create a profile for it using the RDEFINE command. On the command,
specify the universal access authority (UACC) you want to assign to
the terminal. The following command defines a profile for terminal
M01RF267 and specifies a UACC of NONE.
RDEFINE TERMINAL M01RF267 UACC(NONE)
On
systems using VTAM®, the terminal's
node name is the RACF resource
name. See your systems programmer for node name information.
- Use the PERMIT command to allow users and groups to use the terminal.
You must give a user at least READ access authority to the terminal.
Otherwise, the user is not authorized to use the terminal. For example,
the following command grants users SMITH and JONES READ access authority
to terminal M01RF627.
PERMIT M01RF267 CLASS(TERMINAL) ID(SMITH JONES) ACCESS(READ)
Important: After you define a terminal and protect
it with a UACC of NONE, no one can use the terminal until you grant
users or groups READ access authority to the resource.
- When you are ready to start using the protection defined
in the profiles, activate the TERMINAL class. You should also consider
activating SETROPTS RACLIST processing for the class. SETROPTS RACLIST
processing helps ensure high performance when access authorities are
checked. Also, if you are using GTERMINL profiles, you must request
RACLIST processing for the TERMINAL class. You can do these two actions
in one command:
SETROPTS CLASSACT(TERMINAL) RACLIST(TERMINAL)
Note: When
you activate the TERMINAL class, RACF also
activates the GTERMINL class.
Creating a profile in the GTERMINL class: If
you want to protect several terminals in the same way, but their names
do not allow you to create a generic profile, you can create a profile
in the GTERMINL class for them. For example, to protect terminals
M01RF267, M03RF168, and M04GG148 with one profile, you could create
a profile with a name you choose, such as DEPT35:
RDEFINE GTERMINL DEPT35 UACC(NONE) ADDMEM(M01RF267 M03RF168 M04GG148)
To allow group FINANCE to use these terminals, enter:
PERMIT DEPT35 CLASS(GTERMINL) ID(FINANCE) ACCESS(READ)
Note: After creating or changing a GTERMINL profile, you must request
SETROPTS RACLIST processing for the TERMINAL class to make the changes
effective on the system.
To protect another terminal, named M01RF299, with the same profile,
change the DEPT35 profile as follows:
RALTER GTERMINL DEPT35 ADDMEM(M01RF299)
SETROPTS RACLIST(TERMINAL) REFRESH
To stop protecting terminal M03RF168 with this profile, change
the DEPT35 profile as follows:
RALTER GTERMINL DEPT35 DELMEM(M03RF168)
SETROPTS RACLIST(TERMINAL) REFRESH