You can use RACF® FACILITY resource class to control the activation of the SMS configuration and to perform various catalog and DFSMSdss functions against system-managed data sets.

STGADMIN.IGD.ACTIVATE.CONFIGURATION, the FACILITY resource class profile, controls your ability to activate an SMS configuration from ISMF. You must define this RACF profile to use the ACTIVATE command from ISMF. An operator message is issued if the FACILITY resource class is inactive, or if the named profile does not exist. The operator must then confirm the request to activate the new configuration.

The following example shows the RACF commands issued to activate an SMS configuration:

• SETROPTS CLASSACT(FACILITY)
  
  RDEFINE FACILITY STGADMIN.IGD.ACTIVATE.CONFIGURATION UACC(NONE)
  
  PERMIT STGADMIN.IGD.ACTIVATE.CONFIGURATION CLASS(FACILITY) -
         ID(STGADMIN) ACCESS(READ)

You can define general resource profiles to protect specialized DFSMSdss and access method services functions that are designed to protect the integrity of system-managed data sets. For example, you can use the BYPASSACS keyword when copying or restoring data sets using DFSMSdss. This overrides SMS class assignments and creates non-system-managed data sets or system-managed data sets having externally-supplied classes. The BYPASSACS keyword prevents your ACS routines from running. The ability to uncatalog a data set is protected also because of the criticality of cataloging with system-managed storage.

You can create a separate RACF profile to individually authorize each function, keyword, and command for system-managed data sets. Or, using the common high-level qualifier STGADMIN, you can create RACF generic profiles for command or operation authorization.

Related Reading: For a list of the profiles you must define to protect catalog and DFSMSdss functions for system-managed data sets, see z/OS DFSMSdfp Storage Administration.