Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Setting up access authorization z/OS MVS Programming: Resource Recovery SA23-1395-00 |
|
If your installation uses the RACF component of SecureWay for z/OS, you can control access to the information and actions the panels provide. In a Parallel Sysplex®, you can configure RRS to allow a user to manage all the RRS images in the sysplex from a single image. Access to RRS system management functions is controlled by two RACF® resources. To control RRS access across a sysplex, RRS uses the MVSADMIN.RRS.COMMANDS.gname.sysname resource in the FACILITY class, where gname is the logging group name, and sysname is the system name. You may create a RACF profile to permit access to multiple logging groups and systems by including RACF valid generic characters (**, *, and %) in gname and sysname. See the z/OS Security Server RACF Security Administrator's Guide and z/OS Security Server RACF Command Language Reference for more information about using these RACF generic characters and defining RACF profiles. By permitting appropriate access, you can allow users to view or alter RRS information on any number of systems in the sysplex. If you are running RRS on a single system, RRS can use either the
MVSADMIN.RRS.COMMANDS.gname.sysname resource
or the MVSADMIN.RRS.COMMANDS resource in the FACILITY class to control
access to RRS system management functions. The MVSADMIN.RRS.COMMANDS
resource only allows access to RRS system management functions on
the current system. You cannot use MVSADMIN.RRS.COMMANDS to allow
or disallow use of RRS on another system.
Note: This restriction does
not apply to shared restart or RRS log stream data being used by the
local system. Access to the log stream datasets
requires the appropriate authorization for the system logger address
space to the hlq.data_set_name resource
in the DATASET class for each DASD log stream and staging data set.
Use the MVSADMIN.RRS.COMMANDS.gname.sysname resource
to control access to use RRS services to view or modify information
in the logs, including the restart log, of logging groups that are
not being used by the local system.
For example:
|
Copyright IBM Corporation 1990, 2014
|