Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Universal access authority (UACC) for data sets z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
Each data set profile you define with RACF® requires a
universal access authority (UACC). The UACC is the default access
authority that RACF gives to
users and groups that are not defined in the profile's access list.
If one of these users or groups requests access to a data set that
is protected by the profile, RACF grants
or denies the request based on the UACC. UACC coverage also extends
to users that are not defined to RACF and
batch jobs that are not associated with a RACF-defined user. A batch
job has no user ID associated with it in the following cases:
In some cases, jobs originating from NJE can have a user ID, depending on the NODES class profiles that are defined on your system. If you specifically assign an access authority to a user or group, the authority you specify overrides the UACC assigned to the data set. Also, if the access checking defined in the global access checking table is higher than the UACC assigned to the data set, the entry in the global access checking table overrides the UACC. For a given data set:
Note: If you have users who are not defined to RACF, you can use ID(*) instead
of UACC to ensure that only RACF-defined users access the resource.
The following examples illustrate the difference between UACC(READ)
and ID(*) ACCESS(READ).
|
Copyright IBM Corporation 1990, 2014
|