You can limit the use of FlashCopy® commands
by defining resource profiles in the RACF® Facility
class and restricting access to these profiles. To use a protected
command, you need read-access authority to the applicable profile.
For FlashCopy commands,
there are two RACF Facility
class resource profile names:
- STGADMIN.ANT.ESFC.COMMANDS
- STGADMIN.ANT.ESFC.FCQUERY
Note: Authorize FCQUERY command use with the STGADMIN.ANT.ESFC.COMMANDS
profile or the STGADMIN.ANT.ESFC.FCQUERY profile. FlashCopy first checks STGADMIN.ANT.ESFC.COMMANDS
for authorization. If authorization is not permitted with STGADMIN.ANT.ESFC.COMMANDS, FlashCopy checks the STGADMIN.ANT.ESFC.FCQUERY
profile for authorization to issue the FCQUERY command.
Examples: The
following RACF command examples
activate the RACF FACILITY
class, define the profile for the FlashCopy commands,
and give
user STGADMIN authority to use this profile:
- Activate the RACF FACILITY
class:
- SETROPTS CLASSACT(FACILITY)
- Define the profile
for FlashCopy commands,
and authorize user STGADMIN to use this profile:
- RDEFINE FACILITY STGADMIN.ANT.ESFC.COMMANDS UACC(NONE)
- PERMIT
STGADMIN.ANT.ESFC.COMMANDS CLASS(FACILITY) ID(STGADMIN)
ACCESS(READ)
For additional information about
activating the RACF facility
class, and how to define and authorize
users to the FlashCopy command
profiles, refer to z/OS Security Server RACF Security Administrator's Guide.