Policy statement examples

  • The basic syntax for a policy statement that updates a check should look something like this:
    ADDREPLACE POLICY STMT(statement_name) UPDATE CHECK(check_owner,
    check_name) options REASON(’reason_for_change’) DATE(yyyymmdd) 
    The ADDREPLACE POLICY statement is identified by the statement name defined in the STMT parameter. If you have already defined a policy statement with the same name, the system replaces it with the new policy statement, as long as the DATE specified is more current than the existing one. For this reason, be careful when you specify ADDREPLACE with a policy statement name that already exists, because you'll most likely be overwriting the old policy statement with your new one.
  • Make all checks low severity except for UNIX System Services checks:
    ADDREPLACE POLICY STMT( LOW ) UPDATE CHECK(*,*) 
    SEVERITY(LOW) (’Make all checks low severity to start’) DATE(20061130) 
    
    ADDREPLACE POLICY STMT( USSMED ) UPDATE CHECK(IBMUSS,*) 
    SEVERITY(MEDIUM) REASON(’Make all USS checks medium severity’) DATE(20061130) 
    • Policy statement  LOW  makes all checks low severity
    • Policy statement  USSMED  then makes the UNIX System Services checks medium severity
  • Update the severity value for all IBMGRS checks:
    ADDREPLACE POLICY STMT(POL4) UPDATE CHECK(IBMGRS,*)
        SEVERITY(HIGH) REASON('change policy') DATE(20050901)
    The system applies the values to all:
    • Existing IBMGRS checks
    • New IBMGRS checks added later
    These same values will be applied to all IBMGRS checks every time they are refreshed or added.
  • Apply the following changes to all checks:
    • Apply a severity of HIGH
    • Apply a WTO type of IMMEDIATE
    • Use additional descriptor code 16
    • Use routing codes 126,127
    ADDREPLACE POLICY STMT(POL3) CHECK(*,*) UPDATE SEVERITY(HIGH) 
       WTOTYPE(IMMEDIATE) DESCCODE(16) ROUTCODE(126,127) 
       REASON(Updating all my checks) DATE(20050920)
  • Delete a check:
    ADDREPLACE POLICY STMT(DEL1) DELETE Check(IBMRACF,RACF_GRS_RNL)
    We recommend that you delete checks in your policy, see Why does my check reappear after I delete it? Understanding delete processing for details.