Controlling access to the update or read-only functions
The update functions in Protected FM/IMS Functions are protected by the profile FILEM.IMS.UPDATE. The read-only functions in this table are protected by the profile FILEM.IMS.RDONLY. As a minimum, you need to define these profiles and grant or deny users access to them.
Enter the following RACF® commands to define these profiles
in the FACILITY
class:
RDEFINE FACILITY FILEM.IMS.UPDATE UACC(READ or NONE)
RDEFINE FACILITY FILEM.IMS.RDONLY UACC(READ or NONE)- UACC(READ), if you want users or groups to be granted access to these resources, unless they are specifically denied access.
- UACC(NONE), if you want users or groups to be denied access to these resources, unless they are specifically granted access.
In the following, assume that:
- The RDEFINE for the FILEM.IMS.UPDATE profile specifies UACC(NONE), so users and groups are denied access to the update functions unless they are specifically granted access.
- The RDEFINE for the FILEM.IMS.RDONLY profile specifies UACC(READ), so users and groups are granted access to the read-only functions unless they are specifically denied access.
To grant a user (with user ID userid) or a group (with groupid groupid)
access to the update functions, you enter one of the following RACF® commands:
PERMIT FILEM.IMS.UPDATE CLASS(FACILITY) ID(userid) ACCESS(READ)
PERMIT FILEM.IMS.UPDATE CLASS(FACILITY) ID(groupid) ACCESS(READ)To deny a user (with user ID userid) or a group (with groupid groupid)
access to the read-only functions, you enter one of the following RACF® commands:
PERMIT FILEM.IMS.RDONLY CLASS(FACILITY) ID(userid) ACCESS(NONE)
PERMIT FILEM.IMS.RDONLY CLASS(FACILITY) ID(groupid) ACCESS(NONE)