z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for authorizing users to update data in a custom field

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Before you begin: To allow users to use the ISPF panels to update data in custom fields, create FACILITY class profiles that define the IRR.RADMIN.LISTUSER and IRR.RADMIN.LISTGRP resources, as shown in Authorizing users for the ISPF panels to update custom field data.

Optionally, perform the following steps to authorize selected users and groups to view, add, and update data in a custom field. Steps 1 through 4 show various methods you can use to authorize users. If you perform any of these steps, you must perform Step 5 to activate your changes.
  1. Use the &RACUID variable to authorize users to view and update their own user information in a custom field.
    Example: Suppose you want to authorize all users to update their own home addresses and telephone numbers in the ADDRESS and PHONE fields.
    RDEFINE FIELD USER.CSDATA.ADDRESS UACC(NONE)
RDEFINE FIELD USER.CSDATA.PHONE UACC(NONE)

PERMIT USER.CSDATA.ADDRESS CLASS(FIELD) ID(&RACUID) ACCESS(UPDATE)
PERMIT USER.CSDATA.PHONE CLASS(FIELD) ID(&RACUID) ACCESS(UPDATE)

    ______________________________________________________________________

  2. Authorize selected users and groups to add and update data in the custom fields of user profiles.
    Example: Suppose you want to authorize the HR group to view and update each user's ACTIVE and EMPSER fields.
    RDEFINE FIELD USER.CSDATA.ACTIVE UACC(NONE)
RDEFINE FIELD USER.CSDATA.EMPSER UACC(NONE)

PERMIT USER.CSDATA.ACTIVE CLASS(FIELD) ID(HR) ACCESS(UPDATE)
PERMIT USER.CSDATA.EMPSER CLASS(FIELD) ID(HR) ACCESS(UPDATE)

    ______________________________________________________________________

  3. Authorize selected users and groups to view data in the custom fields of user profiles.
    Example: Suppose you want to authorize the HELPDESK group to view each user's CODE field.
    RDEFINE FIELD USER.CSDATA.CODE UACC(NONE)
PERMIT USER.CSDATA.CODE CLASS(FIELD) ID(HELPDESK) ACCESS(READ)

    ______________________________________________________________________

  4. Authorize selected users and groups to update data in the custom fields of group profiles.
    Example: Suppose you want to authorize the procurement department to update each group's COMPADDR field.
    RDEFINE FIELD GROUP.CSDATA.COMPADDR UACC(NONE)
PERMIT GROUP.CSDATA.COMPADDR CLASS(FIELD) ID(PROCGRP) ACCESS(UPDATE)

    ______________________________________________________________________

  5. Activate your authorizations in the FIELD class:
    Example:
    SETROPTS CLASSACT(FIELD) RACLIST(FIELD)
  or, if the FIELD class is already in use:
SETROPTS RACLIST(FIELD) REFRESH

    ______________________________________________________________________

You have now authorized selected users to view, add, and update custom field information for users and groups at your installation.

Parent topic: Authorizing users to update data in a custom field

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014