RACF resource profiles

To secure 

XBM

functions by using RACF security, you should use one or more RACF resource profiles that are defined with a class of Facility.

A facility-class resource profile lets you protect your nonstandard resources, such as program actions. These resource profiles let you control access to one or more resources with similar names and identical security requirements and protect a group of related resources.

Related topic

Granting-user-authorizations-for-SNAPSHOT-UPGRADE-FEATURE


Important

Each user or group that is given access to an XBMRACF resource profile must have an access level of Control or higher.

Define a RACF resource profile as follows:

BMCXBM.<ssid>.<action>.<object>

The variables represent the following values:

  • BMCXBM specifies that the profile is for XBM.
  • ssid represents the name of the XBMsubsystem.
  • action represents the XBMfunction to be secured.
  • object represents the XBMobject or resource name to be secured.

Wildcard patterns are supported for ssid, action, and object, according to RACF rules.

The following table defines the values for action and object.

Action

Object

Action description

ADMIN

CONFIG

Activates a configuration

MS

Activates or deactivates a management set

COPY

EMCSYMM

Splits a Business Continuance Volume (BCV) device

PPRC

Splits a Peer-to-Peer Remote Copy (PPRC) device

MAINT

CONFIG

Adds, updates, deletes, or renames a configuration

MS

Adds, updates, deletes, or renames a management set

OPTION

Changes XBM, IMS, PSS, SSI, and VSAM options

PROTECT

EMCSYMM

Controls the hold or release of a BCV device

RESET

DATASET

Resets data set statistics

RESTORE

EMCSYMM

Restores or incrementally restores a standard volume from a BCV

SNAP

DATASET

Controls Instant Snapshot support for utility jobs

VVOLUME

Controls hardware snapshot support for virtual volumes

SSIALLOW

LMIRROR

Controls the SSI option to make local mirrors available for EMC Symmetrix Remote Data Facility (SRDF) snapshots

RMIRROR

Controls the SSI option to make remote mirrors available for EMC SRDF snapshots

SYNC@REG

Controls the SSI option to synchronize EMC BCVs at snapshot registration

SYNC

EMCSYMM

Establishes or reestablishes a BCV from a standard volume

PPRC

Establishes or reestablishs a PPRC volume from a standard volume

SYSTEM

COMPONENT

Starts or stops the XBM, Db2, IMS, PSS, SSI, and VSAM components

SENDCMD

Explicitly or implicitly issues the XBMSEND command to communicate with a utility job that is connected to the utility monitor

SIMULATE

Sets simulate mode (not supported for snapshot processing)

STOPXBM

Terminates XBMprocessing

SNAPSHOT

Runs jobs that use XBMsnapshot utilities

UTILJOB

Connects to the utility monitor (for users of snapshot utilities)

ZIIP


Uses zIIP feature


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*