Checking authorization during aggregate backup
By using RACF® FACILITY class profile support, you can permit all console operators or any users, including those who are not DFSMShsm authorized, to issue the ABACKUP command.
If the RACF FACILITY class profile support is installed and activated, DFSMShsm checks the RACF profile of the console operators or users for authorization to issue the ABACKUP command. The user ID of OPER must be defined to RACF before console operators can be given authority to issue the ABACKUP command. If the user ID OPER is given authority to the ABACKUP command, then all console operators are authorized to issue the ABACKUP command. You can also define group names to RACF, using the RACF ADDUSER command.
If the RACF FACILITY class profile is not active, only DFSMShsm-authorized users and console operators are authorized to issue the ABACKUP command.
You can define the DFSMShsm ABACKUP command to RACF by defining the following profile names:
| Command | Parameter | RACF Profile |
|---|---|---|
| ABACKUP | STGADMIN.ARC.ABACKUP | |
| ABACKUP | agname | STGADMIN.ARC.ABACKUP.agname |
Through the use of the RACF PERMIT command, you can authorize specific user IDs to issue these commands.
Related reading
- For more information about the RACF FACILITY class control of access to all commands, see Controlling command access with RACF FACILITY class.
- For more information about the RACF FACILITY class control of access to all commands, see z/OS DFSMShsm Implementation and Customization Guide.