NONE |
Does not allow users to access the
data set. |
EXECUTE |
For a private load library, allows
users to load and execute, but not read or copy, programs (load modules)
in the library.
|
Note: Anyone who has READ, UPDATE,
CONTROL, or ALTER authority to a protected data set can create a copy
of it. As owner of the copied data set, that user has control of the
security characteristics of the copied data set and can downgrade
it. For this reason, you should assign a UACC of NONE, and then selectively
permit a small number of users to access your data set, as their needs
become known. (For information on how to permit selected users or
groups to access a data set, see z/OS Security Server RACF Command Language Reference.)
|
READ |
Allows users to access the data set
for reading only. (Note that users who can read the data set can copy
or print it.) |
UPDATE |
Allows users to read from, copy from,
or write to the data set. However, UPDATE does not authorize a user
to delete, rename, move, or scratch the data set. Allows users
to perform normal VSAM I/O (not improved control interval processing)
to VSAM data sets.
|
CONTROL |
For VSAM data sets, it allows users
to perform improved control interval processing. This is control-interval
access (access to individual VSAM data blocks), and the ability to
retrieve, update, insert, or delete records in the specified data
set. For non-VSAM data sets, CONTROL is equivalent to UPDATE.
|
ALTER |
Allows users to read, update, delete,
rename, move, or scratch the data set. When specified in a discrete
profile, ALTER allows users to read, alter, and delete the profile
itself including the access list.
Note: ALTER does not allow
users to change the owner of the profile using the ALTDSD command.
However, if a user with ALTER access authority to a discrete data
set profile renames the data set, changing the high-level qualifier
to his or her own user ID, then both the data set and the profile
are renamed, and the OWNER of the profile is changed to the
new user ID.
When specified in a generic profile, ALTER gives
users no authority over the profile itself, but allows users
to create new data sets that are covered by that profile.
|