Customizing the File Manager security environment
File Manager provides security for system-oriented functions through RACF® (or an equivalent security product).
If RACF® or an equivalent security product is active, the System Authorization Facility (SAF) with the File Manager enhanced security facility is used for access control and authorization verification. Authorization is controlled by File Manager-specific profiles in the FACILITY class. See Setting up the security environment by using RACF or an equivalent security product for information on defining profiles. If you use another security product than RACF®, consult the documentation for your product to determine how to define the FILEM facility to your product.
As a minimum, you should:
- Define the following
profiles:
RDEFINE FACILITY FILEM.DISK.* UACC(READ) or NONE RDEFINE FACILITY FILEM.DISK.FULLPACK UACC(NONE) RDEFINE FACILITY FILEM.LOADMOD.UPDATE UACC(READ) or NONE RDEFINE FACILITY FILEM.TAPE.* UACC(READ) or NONE RDEFINE FACILITY FILEM.TAPE.BLP UACC(NONE) RDEFINE FACILITY FILEM.VSAM.* UACC(READ) or NONE RDEFINE FACILITY FILEM.OAM.* UACC(READ) or NONE RDEFINE FACILITY FILEM.OTHER.ALL UACC(READ) or NONE - Define data set profiles for data sets allocated to FMNAUTH DD with UACC(NONE). For more details, see Preparing for File Manager Remote Services.
- Set up your storage management routines so that data sets allocated to FMNAUTH DD are encrypted. For more details, see Preparing for File Manager Remote Services.
- Transition from the use of *PASSWORD=REMEMBER to *PASSWORD=PASSTICKET in FM/CICS. *PASSWORD=REMEMBER will be deprecated in a future release. See sections Checklist for installing and customizing File Manager to access CICS resources and Modifying and submitting FMN3INST and FMN3PRFD for further details.