All Beta product security checking takes place using the SAF (System Authorization Facility) calling conventions of RACF (Resource Access Control Facility), or an equivalent SAF-compatible security product. Beta product resources are defined to RACF in the user resource class $BETA.
All the resource classes used in the RACF installation are defined in the RACF class descriptor table. Classes can be defined as static classes or as dynamic classes.
Member RACF#CDT in BSA.SAMPLIB contains a set of sample RACF commands for defining $BETA as either a static class or a dynamic class.
Modify the sample members to suit your security requirements. The ID= parameter (static classes only) and the POSIT= parameter (static and dynamic classes) must be changed to values that are unique at your installation.
Member RACF#ASM in BSA.SAMPLIB contains a sample job to assemble and link the class descriptor table.
A static class definition takes effect only after an IPL.
A dynamic class definition does not require an IPL.
IBM recommendation: All classes that are not standard IBM classes should be defined dynamically.
The following example defines $BETA as a static class:
+-----------------------------------------------------------------------+
| PRINT GEN |
|$BETA ICHERCDE CLASS=$BETA, + |
| ID=145, + |
| MAXLNTH=64, + |
| FIRST=ANY, + |
| OTHER=ANY, + |
| POSIT=45, + |
| OPER=NO, + |
| DFTUACC=NONE |
| ICHERCDE |
| END |
+-----------------------------------------------------------------------+
Note: An IPL is necessary for this newly defined class to take effect.
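One way to check the uniqueness requirement on ID= and POSIT= before assembling a static class descriptor table, as an added example that is not part of the Beta samples or of RACF. It is written in Python and reads card images of the CDT source; the helper names, the $DEMO class and its values are constructed, and reporting a DFTUACC that is not coded as NONE is an assumption of this example.

```python
import re
from collections import defaultdict

def card(text, cont=False):
    # Build a card image; a non-blank column 72 continues the statement.
    return text.ljust(71) + ("+" if cont else " ")

def entry(name, cls_id, posit, uacc="NONE"):
    # One ICHERCDE statement laid out like the static sample on this page.
    ops = [f"CLASS={name}", f"ID={cls_id}", "MAXLNTH=64", "FIRST=ANY",
           "OTHER=ANY", f"POSIT={posit}", "OPER=NO", f"DFTUACC={uacc}"]
    cards = [card(f"{name:<8} ICHERCDE {ops[0]},", cont=True)]
    cards += [card(" " * 15 + op + ",", cont=True) for op in ops[1:-1]]
    return cards + [card(" " * 15 + ops[-1])]

def parse_cdt(lines):
    """Return a {keyword: value} dict for each ICHERCDE statement with operands."""
    classes, stmt = [], ""
    for line in lines:
        stmt += line[:71].strip() if stmt else line[:71].rstrip()
        if len(line) > 71 and line[71] != " ":
            continue  # column 72 is non-blank: statement continues
        m = re.match(r"\S*\s+ICHERCDE\s+(\S+)", stmt)
        if m:
            classes.append(dict(re.findall(r"(\w+)=([^,]+)", m.group(1))))
        stmt = ""
    return classes

def check_cdt(lines):
    """Report reused CLASS/ID/POSIT values and DFTUACC not coded as NONE."""
    classes, findings = parse_cdt(lines), []
    for key in ("CLASS", "ID", "POSIT"):
        seen = defaultdict(list)
        for c in classes:
            seen[c.get(key)].append(c.get("CLASS", "?"))
        findings += [f"{key}={v} used by {', '.join(n)}"
                     for v, n in seen.items() if v is not None and len(n) > 1]
    findings += [f"{c.get('CLASS', '?')}: DFTUACC={c.get('DFTUACC')} (not NONE)"
                 for c in classes if c.get("DFTUACC") != "NONE"]
    return findings

# Constructed input: the page's $BETA entry plus a hypothetical $DEMO class
# that reuses POSIT=45 and codes DFTUACC=READ.
SAMPLE = ([card("         PRINT GEN")] + entry("$BETA", 145, 45)
          + entry("$DEMO", 146, 45, uacc="READ")
          + [card("         ICHERCDE"), card("         END")])

if __name__ == "__main__":
    for finding in check_cdt(SAMPLE):
        print(finding)
```

The check compares only the entries present in the source it reads; values used by classes defined elsewhere are not seen.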
The following example defines $BETA as a dynamic class:
+-----------------------------------------------------------------------+
| RDEFINE CDT $BETA CDTINFO( + |
| MAXLENGTH(64) + |
| FIRST(ALPHA,NATIONAL,NUMERIC,SPECIAL) + |
| OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) + |
| POSIT(45) + |
| OPERATIONS(NO) + |
| DEFAULTUACC(NONE) + |
| ) |
+-----------------------------------------------------------------------+
Note: SETROPTS RACLIST(CDT) REFRESH must be executed for this newly defined class to take effect.
The samples are defined as follows:
Note: The set of characters that can be used is restricted by the Beta product security exit BnnUXSEC, which allows only a subset of special characters for resource names. See the description of the sample product security exit in the product Installation and System Guide for a list of permitted characters.