Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Refreshing in-storage generic profile lists (GENERIC REFRESH option) z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
If you have the SPECIAL, AUDITOR, or OPERATIONS attribute, you can initiate the refreshing of in-storage generic profile lists by specifying the GENERIC and REFRESH operands on the SETROPTS command. When you specify GENERIC and REFRESH, you also specify one or more classes for which you want RACF® to refresh in-storage generic profile lists. This causes all of the in-storage generic profiles in the specified general resource class (except those in the global access checking table) to be replaced with new copies from the RACF database. Note that you must issue this command each time you want RACF to perform the refresh process. To refresh the profiles, issue the SETROPTS GENERIC(classname) REFRESH command. RACF processes classname and all classes that share the same POSIT value on their class descriptor table (CDT) entries. The following example shows how to refresh in-storage generic profiles
for the DATASET and TERMINAL classes.
If you use SETROPTS GENLIST to activate shared in-storage generic profiles for a general resource class, RACF refreshes the profiles as well as the profile lists for that class when you specify the class with GENERIC and REFRESH. For more information, see SETROPTS options to activate in-storage profile processing. If you specify SETROPTS GENERIC(*) REFRESH, RACF refreshes profile lists for the DATASET class and all active classes except resource grouping classes and classes defined with the GENERIC(DISALLOWED) attribute. If you specify NOGENERIC on the SETROPTS command, RACF stops using in-storage generic profile lists but does not immediately delete them. RACF deletes the profile lists at the end of the job or TSO session, or when you again specify GENERIC. When you specify GENERIC, RACF rebuilds the profile lists. Note: You must have the SPECIAL attribute to issue the SETROPTS
GENERIC command by itself. However, to issue SETROPTS GENERIC (classname)
REFRESH, you do not need the SPECIAL attribute. However, you must
have the group-SPECIAL, group-AUDITOR, group-OPERATIONS, AUDITOR,
or OPERATIONS attribute.
For information about SETROPTS REFRESH processing on shared systems, see Refreshing shared systems (REFRESH option). |
Copyright IBM Corporation 1990, 2014
|