XFACILIT implementation example 2: Using global access table
To use a history file TEST.ZZ.HISTORY.DEFAULT and have fault entry access protected by group ID
and user ID, first prevent general access to the data set:
ADDSD 'TEST.ZZ.HISTORY.**' UACC(NONE)
Then, to allow Fault Analyzer to grant access to the
individual fault entry members in the PDS or PDSE data set, based on group ID and user ID, set up
the XFACILIT class using the global access table:
SETROPTS GLOBAL(XFACILIT)
RDEFINE GLOBAL XFACILIT (<-- not required if already defined)
RALTER GLOBAL XFACILIT ADDMEM(IDIHIST_GROUP_DSN.&RACGPID.TEST.ZZ.HISTORY.**/ALTER)
RALTER GLOBAL XFACILIT ADDMEM(IDIHIST_USERID_DSN.&RACUID.TEST.ZZ.HISTORY.**/ALTER)
SETROPTS GLOBAL(XFACILIT) REFRESH
The global access table allows &RACUID and &RACGPID and
so reduce the administrative effort.
Note:
- For RACF®, the &RACUID and &RACGPID only works for profiles listed in the global access table.
- It is a RACF® requirement, given how Fault Analyzer determines access authorization, that any
XFACILIT profiles in the global access table are backed by a matching real XFACILIT profile. For
example, add the following real XFACILIT profiles in order to enable the global access table
profiles used here:
PROFILE NOPREF RDEFINE XFACILIT IDIHIST_GROUP_DSN.*.TEST.ZZ.HISTORY.** UACC(NONE) RDEFINE XFACILIT IDIHIST_USERID_DSN.*.TEST.ZZ.HISTORY.** UACC(NONE) SETR REFR RACLIST(XFACILIT)
The above XFACILIT definitions cover all history file data set
names starting with the TEST.ZZ.HISTORY qualifiers, for example:
- TEST.ZZ.HISTORY.DEFAULT
- TEST.ZZ.HISTORY.PAYROLL
- TEST.ZZ.HISTORY.CICS.SYS01