© 2002. Reproduction prohibited. Please inform Xephon of any infringement.
For example, READ access to ‘DATASET.BASE.?’ allows a
user to read any field in the base segment of any dataset profile,
even if a more specific ‘field-level’ profile exists, for example
‘DATASET.BASE.OWNER’.
Note that you should take care when implementing field-level access
control, as it can change the behaviour of standard RACF commands
by allowing/restricting access to specific fields on a GLOBAL basis.
Profiles of the form ‘class.USERDATA.field’ will not affect standard
RACF commands, but ‘class.segment.field’ may.
RACF command processors and panels support field-level access
checking only for fields in segments other than the BASE segments
of RACF profiles. MCINTY performs field-level checking in all
segments.
See the OS/390 Security Server (RACF) Security Administrator’s
Guide for information on activating and using field-level access.
&RACUID
Placing &RACUID on the access list for an authorization profile in
the FIELD class is supported, even if the class is not raclisted.
This is checked only when users perform an operation on their own
user profile.
It can only be used to give users access to fields (userdata or standard)
in their own user profile, either for read or update.
Note that &RACUID does not work on generic Authprof profiles for
userdata fields, e.g. ‘USER.USERDATA.*’. This is because
USERDATA is not recognized as a valid segment name in normal
RACF processing and is thus not supported by field-level access
checking as specified by FLDACC=YES on the ICHEINTY macro
interface.
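
The &RACUID rules above can be turned into a review check for FIELD-class access lists. The following is an added example, not code from MCINTY or RACF; the field name PHONE, the user IDs, and the sample access lists are constructed, and it assumes that only * and % mark a profile as generic.

```python
# Added illustration: models only the &RACUID rules stated in the text above.
RACUID = "&RACUID"
LEVELS = {"READ": 1, "UPDATE": 2}   # UPDATE implies READ
GENERIC_CHARS = set("*%")           # assumption: these mark a generic profile

def racuid_problems(profile, access_list):
    """Reasons why an &RACUID entry on this FIELD profile will not take effect."""
    if RACUID not in access_list:
        return []
    parts = profile.split(".")
    if len(parts) != 3:
        return ["profile name is not of the form class.segment.field"]
    cls, segment, field = parts
    problems = []
    if cls != "USER":
        problems.append("&RACUID only covers fields in the user's own USER profile")
    if segment == "USERDATA" and GENERIC_CHARS & set(field):
        problems.append("&RACUID is not honoured on generic USERDATA profiles")
    return problems

def racuid_grants(profile, access_list, requester, target_user, wanted):
    """True if the &RACUID entry alone would authorise this request."""
    if RACUID not in access_list or racuid_problems(profile, access_list):
        return False
    if requester != target_user:    # only checked on the user's own profile
        return False
    return LEVELS[access_list[RACUID]] >= LEVELS[wanted]

# Constructed sample FIELD-class profiles and access lists.
SAMPLE = {
    "USER.USERDATA.PHONE": {RACUID: "UPDATE"},
    "USER.USERDATA.*": {RACUID: "READ"},
    "DATASET.BASE.OWNER": {RACUID: "READ", "SECADM": "UPDATE"},
}

if __name__ == "__main__":
    for name, acl in SAMPLE.items():
        for reason in racuid_problems(name, acl):
            print(f"{name}: {reason}")
    print(racuid_grants("USER.USERDATA.PHONE", SAMPLE["USER.USERDATA.PHONE"],
                        "ALICE", "ALICE", "UPDATE"))
```
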
SPECIAL FIELDS
Repeat groups
A repeat group consists of one or more sequential fields within a