RACF command example

Overview

The following is a sample of RACF commands that can be used to protect Adabas Audit Data Retrieval resources.

If enhanced generic naming (EGN) is switched on, the resource name should be 'B97.*.**'.

Example

  1. To protect all Adabas Audit Data Retrieval functions, the RACF security administrator enters:

    RDEFINE $BETA (B97.*) UACC(NONE)

    and grants TSO user SYS001 authority to access all Adabas Audit Data Retrieval functions and resources using the following command:

    PERMIT B97.* CLASS($BETA) ID(SYS001) ACCESS(READ)

  2. To protect access to administrative functions (definitions under option 2 and option A, line commands A, UA, R, UR, V, NV, and UV under option 1), the RACF security administrator enters:

    RDEFINE $BETA (B97.*.ADM) UACC(NONE)
    RDEFINE $BETA (B97.*.DF*) UACC(NONE)
    RDEFINE $BETA (B97.*.ARC*) UACC(NONE)
    RDEFINE $BETA (B97.*.RLD*) UACC(NONE)

    and grants TSO users ADM001 and ADM002 authority to access the Adabas Audit Data Retrieval administrative functions.

    ADM001 is responsible for list/report and index definitions:

    PERMIT B97.*.DF* CLASS($BETA) ID(ADM001) ACCESS(READ)

    ADM002 is responsible for archiving, reloading, and other administrative functions:

    PERMIT B97.*.ARC* CLASS($BETA) ID(ADM002) ACCESS(READ)
    PERMIT B97.*.RLD* CLASS($BETA) ID(ADM002) ACCESS(READ)
    PERMIT B97.*.ADM CLASS($BETA) ID(ADM002) ACCESS(READ)

  3. To protect access to lists, the RACF security administrator enters:

    RDEFINE $BETA (B97.*.BRW*) UACC(NONE)
    RDEFINE $BETA (B97.*.IDX*) UACC(NONE)
    RDEFINE $BETA (B97.*.DEL*) UACC(NONE)
    RDEFINE $BETA (B97.*.PRT*) UACC(NONE)

    and grants TSO user USR001 authority to access all lists:

    PERMIT B97.*.BRW* CLASS($BETA) ID(USR001) ACCESS(READ)
    PERMIT B97.*.IDX* CLASS($BETA) ID(USR001) ACCESS(READ)
    PERMIT B97.*.DEL* CLASS($BETA) ID(USR001) ACCESS(READ)
    PERMIT B97.*.PRT* CLASS($BETA) ID(USR001) ACCESS(READ)

  4. TSO user USR002, on the other hand, should have access only to the list XYZ.TST. To ensure this, the RACF security administrator enters:

    RDEFINE $BETA (B97.*.BRW.XYZ.TST.#) UACC(NONE)
    RDEFINE $BETA (B97.*.DEL.XYZ.TST.#) UACC(NONE)
    RDEFINE $BETA (B97.*.IDX.XYZ.TST.#) UACC(NONE)
    RDEFINE $BETA (B97.*.PRT.XYZ.TST.#) UACC(NONE)
    PERMIT B97.*.BRW.XYZ.TST.# CLASS($BETA) ID(USR001 USR002) ACCESS(READ)
    PERMIT B97.*.IDX.XYZ.TST.# CLASS($BETA) ID(USR001 USR002) ACCESS(READ)
    PERMIT B97.*.DEL.XYZ.TST.# CLASS($BETA) ID(USR001 USR002) ACCESS(READ)
    PERMIT B97.*.PRT.XYZ.TST.# CLASS($BETA) ID(USR001 USR002) ACCESS(READ)

  5. Finally, the security administrator refreshes the in-storage generic profiles:

    SETROPTS REFRESH GENERIC(*)
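
To confirm the result of steps 1 to 5, the following REXX exec (an added example, not part of the product documentation) lists each profile with RLIST ... AUTHUSER and reports any profile whose UACC is not NONE or whose access list lacks an ID named above. It assumes the usual RLIST output layout and that the caller is authorized to list profiles in class $BETA.

```rexx
/* REXX - added example, not from the product documentation.          */
/* Checks UACC and access lists of the $BETA profiles of steps 1-4.   */
/* Assumption: RLIST shows the UACC as word 3 of the second line      */
/* below the UNIVERSAL ACCESS heading, and "userid access count" rows.*/
p.1  = 'B97.* SYS001'
p.2  = 'B97.*.ADM ADM002'
p.3  = 'B97.*.DF* ADM001'
p.4  = 'B97.*.ARC* ADM002'
p.5  = 'B97.*.RLD* ADM002'
p.6  = 'B97.*.BRW* USR001'
p.7  = 'B97.*.IDX* USR001'
p.8  = 'B97.*.DEL* USR001'
p.9  = 'B97.*.PRT* USR001'
p.10 = 'B97.*.BRW.XYZ.TST.# USR001 USR002'
p.11 = 'B97.*.IDX.XYZ.TST.# USR001 USR002'
p.12 = 'B97.*.DEL.XYZ.TST.# USR001 USR002'
p.13 = 'B97.*.PRT.XYZ.TST.# USR001 USR002'
p.0  = 13
bad = 0
do i = 1 to p.0
  parse var p.i prof ids                /* profile name, expected IDs  */
  call outtrap 'out.'                   /* capture RLIST output        */
  address tso "RLIST $BETA ("prof") AUTHUSER"
  rlrc = rc
  call outtrap 'OFF'
  if rlrc <> 0 then do                  /* missing or not listable     */
    say prof': RLIST ended with RC='rlrc', not verified'; bad = bad + 1
    iterate i
  end
  uacc = '?'; found = ''
  do j = 1 to out.0
    if pos('UNIVERSAL ACCESS', out.j) > 0 & j + 2 <= out.0 then do
      k = j + 2                         /* skip the dashed ruler line  */
      uacc = word(out.k, 3)
    end
    if wordpos(word(out.j, 1), ids) > 0 & word(out.j, 2) = 'READ' then
      found = found word(out.j, 1)      /* expected ID holds READ      */
  end
  if uacc <> 'NONE' then do
    say prof': UACC is' uacc', expected NONE'; bad = bad + 1
  end
  do j = 1 to words(ids)
    if wordpos(word(ids, j), found) = 0 then do
      say prof':' word(ids, j) 'is not listed with READ'; bad = bad + 1
    end
  end
end
say 'Findings:' bad
exit (bad > 0) * 8                      /* RC 8 if anything is off     */
```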