Security Options

The programs in the FDR system, as a default, do not invoke any type of security when dumping or restoring data sets or volumes. Since FDR does not open individual data sets, most security checks are bypassed for FDR operations unless the security administrator creates an FDR.NOALLCALL profile, or you enable the security option documented below. By default, all security options are disabled and no security checking is done.

The FDR.NOALLCALL profile is discussed in Security.

Tip

All installations with a SAF-compatible security system, including IBM RACF, CA TOP SECRET, and CA ACF2, should create an FDR.NOALLCALL profile or enable the ALLCALL option, to activate security checking.

Panel A.I.4.1 – Set FDR Global Security Options

Set FDR Global Security Options –Panel A.I.4.1

ABROPSEC - FDR INSTALLATION -- SET FDR GLOBAL SECURITY OPTIONS ----------------
COMMAND ===>


ALLCALL RACF ALWAYS CALL OPTION ENABLED............................ NO


NOABSTRK ABSOLUTE TRACK OPERATIONS ALLOWED.......................... YES


NONEW RENAME USING NEWDD, NEWNAME, NEWINDEX AND NEWGROUP ALLOWED. YES 

ALLCALL

If set to “YES”, FDR does SAF-compatible security checks for volumes and data sets. The types of security calls issued by ALLCALL for each type of FDR operation are detailed in Security

NOABSTRK

If set to “NO”, prevents FDRDSF from doing any absolute track operations (SELECT FROM/TO) since no data set-level checking can be done for this type of DASD access.

NONEW

If set to “NO”, data sets may not be restored or copied to a new name. This causes the operands NEWNAME, NEWGROUP, NEWDD, and NEWINDEX to be treated as invalid.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*