Controlling access to File Manager functions with
SAF
SAF controls access to File Manager functions as follows:
If access to the profile FACILITY(FILEM.FUNCTION.fc) in
the FACILITY class is defined (where fc is the function
code), this controls access to the function.
If access to the profile FACILITY(FILEM.FUNCTION.fc) in
the FACILITY class is not defined, the profile name shown in Table 3 (in the form
FILEM.group.name) is used.
If no profile name as shown in Table 3 is
defined, then FILEM.OTHER.ALL is used. If this does not permit access then access is
denied.
Some File Manager functions are protected, by default, by
the FILEM.OTHER.ALL profile. These functions are listed in Table 2.
ALTER, UPDATE or READ access means that the user can use the function.
Access NONE means that the user cannot use the function.
This is illustrated in Figure 1. Figure 1. Access to File Manager functions
For example, the TP function is part of the FILEM.TAPE.INPUT group.
You can control access to the TP function in any of the following
ways:
To give a user access to the TP function, regardless of the user's
access to FILEM.TAPE.INPUT, give the user ALTER, UPDATE, or READ access
to FACILITY(FILEM.FUNCTION.TP).
To prevent a user from using the TP function, regardless of the
user's access to FILEM.TAPE.INPUT, give the user NONE access to FACILITY(FILEM.FUNCTION.TP).
To give a user access to any tape input function, unless overridden
by a FILEM.FUNCTION.fc entry, give the user
ALTER, UPDATE, or READ access to FACILITY(FILEM.TAPE.INPUT).
To prevent a user from using any tape input function, unless overridden
by a FILEM.FUNCTION.fc entry, give the user
NONE access to FACILITY(FILEM.TAPE.INPUT).