Customizing the File Manager security environment

File Manager provides security for system-oriented functions through ®either RACF® (or an equivalent security product) or the FMNSECUR exit.

If RACF® or an equivalent security product is active, the System Authorization Facility (SAF) with the File Manager enhanced security facility is used for access control and authorization verification. Authorization is controlled by File Manager-specific profiles in the FACILITY class. See Setting up the security environment by using RACF or an equivalent security product for information on defining profiles. If you use another security product than RACF®, consult the documentation for your product to determine how to define the FILEM facility to your product.

As a minimum, you should define the following individual group profiles:
RDEFINE FACILITY FILEM.DISK.*         UACC(READ)   or NONE
RDEFINE FACILITY FILEM.DISK.FULLPACK  UACC(NONE)
RDEFINE FACILITY FILEM.LOADMOD.UPDATE UACC(READ)   or NONE
RDEFINE FACILITY FILEM.TAPE.*         UACC(READ)   or NONE
RDEFINE FACILITY FILEM.TAPE.BLP       UACC(NONE)
RDEFINE FACILITY FILEM.VSAM.*         UACC(READ)   or NONE
RDEFINE FACILITY FILEM.OAM.*          UACC(READ)   or NONE
RDEFINE FACILITY FILEM.OTHER.ALL      UACC(READ)   or NONE

If RACF® or an equivalent security product is not active at File Manager initialization time, all File Manager special security checks during that File Manager session are passed to the FMNSECUR user exit instead of to SAF.

To use FMNSECUR, it must be installed in the LPA. If the FMNSECUR module is required and it cannot be found in the LPA, an error message is displayed, and File Manager will not initialize.

FMNSECUR is a customizable exit. It provides FMNS macros, which allow you to define a table of user names or job names, File Manager-protectable resources (called profiles), and access levels. For information on FMNSECUR, see Setting up the security environment by using FMNSECUR.

Note: The FMNSECUR module will not be used (even if present) if RACF® or an equivalent security product is active at File Manager initialization time.