Implementing External Security with RACF › Add User Access to Product Resources

Add User Access to Product Resources

As the Administrator, you need two users added to your RACF external security package with the following access privileges:

• Provide user1 with READ access to address AOF (permitting safe verbs such verbs as LIST).
• Provide user2 with UPDATE access to address AOF (permitting all verbs).

Use one of the following methods to implement the desired access permissions to address AOF.

• Run the supplied DEFSAF REXX utility either with or without GROUPS as follows:
  • Execute the supplied REXX program DEFSAF without using GROUPS(N):

    TSO OX 'opshql.OPS.REXX(DEFSAF)’ OPSAOF ACT(PERMIT) SAFRO(user1)
    TSO OX 'opshql.OPS.REXX(DEFSAF)’ OPSAOF ACT(PERMIT) SAFRW(user2)
    

  • Execute DEFSAF with GROUPS(N) to permit the same access without using groups:

    TSO OX 'opshlq.CCLXEXEC(DEFSAF)' OPSAOF ACT(PERMIT) SAFRO(user1) GROUPS(N)
    TSO OX 'opshlq.CCLXEXEC(DEFSAF)' OPSAOF ACT(PERMIT) SAFRO(user2) GROUPS(N)
    

  Note: Be sure that you ran DEFSAF earlier in batch mode (BATCH=Y) to create the basic RACF groups.

• Issue the following RACF commands from TSO or from a self-styled REXX:

  CONNECT (user1)  GROUP(OPSAOF)  OWNER(OPSS)
  CONNECT (user1)  GROUP(OPSAOFR) OWNER(OPSS)
  

  Note: Be sure that you ran DEFSAF earlier in batch mode (BATCH=Y) to create the basic RACF groups.

• Issue the following RACF PERMIT command to add user1 directly under the resource OP$MVS.OPSAOF:

  PERMIT ‘OP$MVS.OPSAOF’   CLASS(FACILITY) ACCESS(READ)   ID(user1)
  PERMIT ‘OP$MVS.OPSAOF’   CLASS(FACILITY) ACCESS(UPDATE) ID(user2)