Implementing RACF

You can control access to LOCAL COPY PLUS functions by using a RACF-protected resource to grant individual users access to the functions.

To implement RACF control, use JCL similar to what is provided in member LCP#SMA2 in the LCPCNTL data set to assemble the RACF interface and relink the primary LOCAL COPY PLUS panel processor module.

Before allowing an ISPF user to perform functions, LOCAL COPY PLUS issues an RACHECK macro instruction. If the RACHECK macro fails for any reason, the user cannot perform the function or cannot make updates.

ASM source member LCPXSMA2 in the LCPCNTL data set provides the interface to RACF services and issues the RACHECK macro by using the RACF class APPL and an 8-byte resource name. The resource name is constructed as follows:

  • LCP – a fixed resource name prefix selected by BMC for LOCAL COPY PLUS RACF validation.
  • function – the first character of the LOCAL COPY PLUS function to be validated.
  • imsid – the one- to four-character IMSID of the user to be validated.

Note

When the function character is L (for example, for general access to the LOCAL COPY PLUS ISPF panels), the IMSID will always be set to CP2@.

To define the individual resource names to the RACF class APPL, use the RACF (or equivalent) RDEFINE command.

For example, to control general access to the LOCAL COPY PLUS ISPF panels, use LCPLCP2@. To control update access to LOCAL COPY PLUS route-lists for IMSID IMSP, use LCPRIMSP.

Control update access to LOCAL COPY PLUS route-lists for IMSID IMSP

RDEFINE APPL LCPRIMSP UACC(READ)

 

To grant RACF UPDATE authority to authorized user IDs, use the RACF (or equivalent) PERMIT command.

For example, to permit update access to LOCAL COPY PLUS route-lists for the IMSID IMSP, enter the following PERMIT command:

PERMIT LCPRIMSP CLASS(APPL) ID(userid) ACCESS(UPDATE)

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*