Delegating authority to profiles in the FACILITY class

You can use several methods to allow another user, such as a tape librarian or storage administrator, to work with profiles in the FACILITY class:

Assign the user as OWNER of all of the FACILITY profiles used by the function.
Create a group representing the function and give the user group-SPECIAL authority within the group. Then assign the group as OWNER of the FACILITY profiles used by the group.
If the SETROPTS GENERICOWNER option is in effect, give the user CLAUTH(FACILITY), create a top generic profile to which the user is assigned as OWNER. The SETROPTS GENERICOWNER option limits this user to creating FACILITY profiles that are more specific than the top generic profile.
Guideline: Do not create a top profile named ** in the FACILITY class, as this could lead to problems with RJE.

For more information about the GENERICOWNER option, see Restricting the creation of general resource profiles (GENERICOWNER option).

For other examples for delegating authority in the FACILITY class, see the topics shown in Table 1.

Table 1. Delegating authority in the FACILITY class
Situation	Topic
To allow users to obtain dumps when they are using programs to which they only have EXECUTE authority, using the IEAABD.DMPAUTH resource	Protecting program dumps using the FACILITY class
To allow users to open tape data sets for input without removing the write-enable ring (or equivalent), using the IEC.TAPERING resource	IEC.TAPERING profile in the FACILITY class
To allow users to access DFP-controlled DASD or tape data sets when those data sets are neither cataloged nor system temporary data sets, using ICHUNCAT.data-set-name and CATDSNS	Preventing access to uncataloged data sets (CATDSNS option)
To allow migration of security functions from JES into RACF®, using the RJE, RJP, and NJE NODES profiles	Understanding NODES profiles