home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Software Vault: The Gold Collection
/
Software Vault - The Gold Collection (American Databankers) (1993).ISO
/
cdr28
/
doc_proc.zip
/
SAMP-DOC.ZIP
/
SHARE.DOC
< prev
next >
Wrap
Text File
|
1992-11-16
|
16KB
|
234 lines
*************************************
* *
* CREATING A RACF PROFILE *
* *
* *
*************************************
John S. Ward
03/01/93
EJECT
SHARING DATA SETS WITH OTHER USERS - PANEL 3.11
_________________________________________________________________________
| |
| RACF - SERVICES OPTION MENU |
| OPTION ===> 1 |
| |
| SELECT ONE OF THE FOLLOWING: |
| |
| 1 DATA SET ADD, CHANGE, DELETE, or DISPLAY the profile |
| for a data set. |
| |
| T TUTORIAL View a general description of RACF. |
| |
|_________________________________________________________________________|
The RACF (Resource Access Control Facility) Utility allows "customized"
security profiles to be created for individual Data Sets (Discrete profile)
or for groups of Data Sets (Generic profile). NOTE: allowing access to a
Data Set allows access to ALL members within that Data Set. An access list
may be specified. The following example creates a Discrete profile allowing
universal read access.
1. To access the RACF Utility Menu enter 3.11 on the Primary Command line.
2. Select 1, from the Services Option Menu.
_________________________________________________________________________
| |
| OPTION ===> 1 |
| |
| SELECT ONE OF THE FOLLOWING: |
| |
| 1 ADD Add a profile D DISPLAY Display profile contents |
| 2 CHANGE Change a profile S SEARCH Search RACF data set for |
| 3 DELETE Delete a profile profiles |
| 4 ACCESS Maintain access list |
| 5 AUDIT Monitor access attempts |
| (for auditors only) |
| |
| ENTER DATA SET PROFILE INFORMATION: |
| |
| PROFILE NAME ===> SAS.CNTL |
| GENERIC ===> YES if the profile name is generic |
| TYPE ===> Blank, MODEL, or TAPE |
| VOLUME SERIAL ===> If the data set is not cataloged |
| UNIT ===> If option 1 and VOLUME SERIAL entered |
| DATA SET PASSWORD ===> If the data set is password protected |
| |
| USE MODEL PROFILE ===> YES if the profile is to be modeled |
|_________________________________________________________________________|
3. Enter 1, for ADD, on the Option line. <TAB> to PROFILE NAME.
4. Enter the Project_name.Type_name. (The userid nor Member_name are
required). Press <RET>. The ADD DATA SET PROFILE Panel will be
displayed.
EJECT
__________________________________________________________________________
| |
| RACF - ADD DATA SET PROFILE |
| COMMAND ===> |
| |
| PROFILE NAME: SAS.CNTL |
| |
| ENTER OR CHANGE DATA SET PROFILE INFORMATION: |
| |
| OWNER ===> USGJSW USERID OR GROUP NAME |
| LEVEL ===> 0 0-99 |
| FAILED ACCESSES ===> FAIL FAIL or WARN |
| UACC ===> READ NONE, READ, UPDATE, CONTROL, or ALTER |
| AUDIT SUCCESSES ===> NOAUDIT READ, UPDATE, CONTROL, ALTER, or NOAUDIT |
| AUDIT FAILURES ===> READ READ, UPDATE, CONTROL, ALTER, or NOAUDIT |
| INDICATOR ===> SET SET, NOSET, or ONLY |
| NOTIFY ===> Userid |
| ERASE WHEN DELETED===> Blank or YES |
| |
| TO ADD OPTIONAL INFORMATION, ENTER YES: |
| |
| OTHER VOLUMES ===> NO SECURITY LEVEL/CATEGORIES ===> NO |
| INSTALLATION DATA ===> NO |
| ACCESS LIST ===> NO |
| |
| |
|AltM Mainmenu:AltH Help:VT100: :LED : SA: : :FULL: - - : |
|__________________________________________________________________________|
5. Leave the Option line blank. <TAB> to the UACC (Universal Access) field
and change NONE to READ for read-only access to the data set. Press <RET>.
A message will be displayed that the Profile has been added. The profile
just created allows any user read access to the PDS specified.
EJECT
SPECIFYING AN ACCESS LIST
__________________________________________________________________________
| |
| RACF - ADD DATA SET PROFILE |
| COMMAND ===> |
| |
| PROFILE NAME: SAS.CNTL |
| |
| ENTER OR CHANGE DATA SET PROFILE INFORMATION: |
| |
| OWNER ===> USGJDO USERID OR GROUP NAME |
| LEVEL ===> 0 0-99 |
| FAILED ACCESSES ===> FAIL FAIL or WARN |
| UACC ===> NONE NONE, READ, UPDATE, CONTROL, or ALTER |
| AUDIT SUCCESSES ===> NOAUDIT READ, UPDATE, CONTROL, ALTER, or NOAUDIT |
| AUDIT FAILURES ===> READ READ, UPDATE, CONTROL, ALTER, or NOAUDIT |
| INDICATOR ===> SET SET, NOSET, or ONLY |
| NOTIFY ===> Userid |
| ERASE WHEN DELETED===> Blank or YES |
| |
| TO ADD OPTIONAL INFORMATION, ENTER YES: |
| |
| OTHER VOLUMES ===> NO SECURITY LEVEL/CATEGORIES ===> NO |
| INSTALLATION DATA ===> NO |
| ACCESS LIST ===> YES |
| |
| |
|AltM Mainmenu:AltH Help:VT100: :LED : SA: : :FULL: - - : |
|__________________________________________________________________________|
A user may wish to limit access to a particular group or individual(s). RACF
allows a list to be specified. To accomplish this, follow steps one through
four. Specify NONE at UACC field.
5. <TAB> to ACCESS LIST and enter 'YES' as indicated above. The DATA SET
ACCESS LIST ADD panel will be displayed.
EJECT
__________________________________________________________________________
| |
| |
| RACF - MAINTAIN DATA SET ACCESS LIST - ADD |
| COMMAND ===> |
| |
| PROFILE NAME: SAS.CNTL |
| |
|ENTER AUTHORITY TO BE GRANTED: |
| ACCESS AUTHORITY ===> READ NONE, READ, UPDATE, CONTROL, or ALTER |
| |
|ENTER USER/GROUP ID TO BE ADDED: |
| ===> USG ===> USGEHB ===> USG01 ===> ===> |
| ===> ===> ===> ===> ===> |
| ===> ===> ===> ===> ===> |
| ===> ===> ===> ===> ===> |
| ===> ===> ===> ===> ===> |
| |
|ENTER INFORMATION FOR PROFILE FROM WHICH ACCESS LIST IS TO BE COPIED: |
| PROFILE NAME ===> |
| CLASS ===> DATASET |
| GENERIC ===> YES if the profile name is generic |
| VOLUME SERIAL ===> If a non-cataloged data set profile |
| |
|TO ADD PROGRAM NAMES, ENTER YES ===> |
| |
| |
|AltM Mainmenu:AltH Help:VT100: :LED : SA: : :FULL: - - : |
|__________________________________________________________________________|
6. Leave the Command Line blank. Enter READ at the ACCESS AUTHORITY field.
7. <TAB> to USER/GROUP Section and enter the appropriate information. Press
<RET>. A message will indicate that the profile has been added.
NOTE: To restrict access to a particular group of student (class) ID's,
enter the first five characters as in the example above, ie.; USG01.
Different levels of access may be specified for different users or groups
of users within the same profile. For example, the user may wish to allow
alter access to a fellow professor and read access to a class of students.
Each level of the profile must be created separately. To do this, follow
the steps above to create a profile. After specifying one level of access
and pressing <RET>, select Option 4 from the RACF Option menu. Another
menu will be displayed. Select one to add. This will display the DATA SET
ACCESS LIST Panel at which time another access level/userid combination
may be specified.