Skip to Content
Information
Space announcement We are no longer updating this version of the documentation for the infrastructure components (DBC, LGC, and NGL).  You can no longer leave comments on it. For the latest version of the documentation, see Common Mainframe Infrastructure 2022 release.

Controlling access to DBC resources

The DBC subsystem always issues a Security Access Facility (SAF) security call for internal resource names. By default, if those resource names are not defined to an ESM, access to undefined DBC resources (internal functional control points) is granted for all users who can communicate to the DBC service address space. This behavior occurs because the value of the DBC <ALLOW_SAF_RC4> security parameter defaults to YES.

If you want to restrict access to DBC services that have not been defined as a resource to SAF, you must set the value of the <ALLOW_SAF_RC4> security parameter to NO. Doing so denies access to all undefined resources.

The following figure shows an example of the ALLOW_SAF_RC4 value.

Example of the ALLOW_SAF_RC4 value

<DBCSECUR>
   <RESOURCE_NAME>
   ...
   </RESOURCE_NAME>
   <ALLOW_SAF_RC4>NO</ALLOW_SAF_RC4>
</DBCSECUR>

You control this value through DBC security parameters defined in a file identified through the DBCSECUR DD statement in the JCL procedure for the DBC started task.



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

Common mainframe infrastructure 2016 release