DLFCLASS Resource Class—Determine DLF Record Access

Resources › DLFCLASS Resource Class—Determine DLF Record Access

DLFCLASS Resource Class—Determine DLF Record Access

Valid on z/OS.

Use DLFCLASS to determine which users can access DLF record.

Under Release 3.1.3 of z/OS, ESA, the Data Lookaside Facility (DLF) is used to control the loading of data sets into ESA hyperspace by selected jobs. These data sets are identified to CA Top Secret by adding them to the DLF record. Once they've been identified, the DLFCLASS resource class keyword is used to determine which users can access these data sets. For information about the DLF record, see the Implementation: BATCH and STC Guide.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) DLFCLASS(oper,...)

Prefix length: two to twenty‑six characters
Capacity of list: One to five data set names or prefixes per TSS command

Generic prefixing allows the administrator to group a set of similar data sets together, and define them by one generic prefix.

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) DLFCLASS(prefix(es))
                  ACCESS(access levels)

Prefix length: Two to forty‑four characters
Capacity of list: One to five data set names, prefixes, or masks per TSS command

DLFCLASS is used with:

The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS
The DLFCLASS ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
The DLFCLASS ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
DLFCLASS(OWN) authority to ADD or REMOVE ownership of DLF data sets from ACIDs

Note: A fully qualified DLF data set name is PERMITted to an ACID by enclosing in single quotation marks. This will indicate that it is defined to CA Top Secret, not as a prefix, but by its fully qualified name.

Data set masking is another method of reducing the number of DLF data set definitions to implement widespread DLF data set protection.

The administrator can:

Use any of the following methods to control access to DLF data sets: Expiration, Facility, Program Pathing, Time/Day, and Actions.
Specify the access levels: ALL, CREATE, CONTROL, FETCH, NONE, READ, SCRATCH, UPDATE, and WRITE. If ACCESS is not specified, CA Top Secret defaults to READ access.

Example: DLFCLASS resource class

This example gives the Inventory Department (INVDEPT) ownership of the DLF data set known as CICS.MSTR.FILE:

TSS ADDTO(INVDEPT) DLFCLASS(CICS.MSTR.FILE)

This example removes ownership:

TSS REMOVE(INVDEPT) DLFCLASS(CICS.MSTR.FILE)

This example permits USER01 to access the CICS.MSTR.FILE DLF data set:

TSS PERMIT(USER01) DLFCLASS(CICS.MSTR.FILE)

Before issuing this command, verify that CICS.MSTR.FILE has been added to the DLF record.

This example revokes USER01's access to this DLF data set:

TSS REVOKE(USER01) DLFCLASS(CICS.MSTR.FILE)