Restricting change of history file settings

By default, all users with UPDATE access to a history file can change the history file prefix or the minimum or maximum number of fault entries.

Either of the following methods can be used:

To restrict the change of settings for a given history file using either of the above methods, the security administrator can define an IDI_ADMIN XFACILIT profile for the history file, to which access can be granted as appropriate.

Figure 1. Syntax

1 IDI_ADMIN.history-file-dsn

where history-file-dsn is the fully qualified data set name of the history file.

To change history file settings after the IDI_ADMIN XFACILIT profile is defined, a user must have both of the following access permissions:
  • UPDATE (or greater) access to the IDI_ADMIN XFACILIT profile
  • UPDATE (or greater) access to the history file, through either normal security server data set profiles, or through XFACILIT (for details, see Managing history file fault entry access).
The following sample RACF® commands define an IDI_ADMIN XFACILIT profile for history file MY.HIST and grant Fault Analyzer administrator authorization to change settings for users who are members of group PAYROLL:
RDEFINE XFACILIT IDI_ADMIN.MY.HIST UACC(NONE)
PERMIT IDI_ADMIN.MY.HIST CLASS(XFACILIT) ID(PAYROLL) ACCESS(UPDATE)