Re: Using RACROUT and Facility Class

Thu, 29 Jun 2017 18:10:32 -0700 

It's been several years for me also, but this looks like a typical "user space" 
call, the doc here
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.ichc600/auth.htm


calls this a "first-party" type.


Len Rugen

University of Missouri
Division of Information Technology
Systems & Operations - Metrics & Automation Team
________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of 
[email protected] <[email protected]>
Sent: Thursday, June 29, 2017 7:53:29 PM
To: [email protected]
Subject: Using RACROUT and Facility Class

Hello
.
I am not a RACF Security Administrator by any means, after reading several 
documents
I need some help setting up a RACF Facility Class and Permitting Access To a
Started Task Userid (STCUSRID) and My Userid (PAULD01).

Do the following RACF Commands Define a Facility Class BLUE_RIBBON.SYS1.MSTRUPDT
and Have I permitted the Started Task Userid (STCUSRID) Update access to the 
Facility
and My Userid PAULD01 Read access ?
*
RDEFINE FACILITY BLUE_RIBBON.SYS1.MSTRUPDT UACC(NONE)
PERMIT  BLUE_RIBBON.SYS1.MSTRUPDT CLASS(FACILITY) ID(STCUSRID) ACCESS(UPDATE)
PERMIT  BLUE_RIBBON.SYS1.MSTRUPDT CLASS(FACILITY) ID(PAULD01) ACCESS(READ)
*
*
No for the code ...
*
*
FACILITY$ DC   CL8'FACILITY'
STEM      DC   H'00',H'00'
          DC   CL13'BLUE_RIBBON.SYS1.MSTRUPDT'
STEM#    EQU   *-STEM
*
         DS    0D
RACLAB   RACROUTE REQUEST=AUTH,ATTR=READ,CLASS='FACILITY',            XX
               RELEASE=1.9,MF=L
         DS  XL8
RACLAB#  EQU  *-RACLAB

         MVC  SEC_ENTITY,STEM

         RACROUTE REQUEST=AUTH,                                       **
               WORKA=(R10),                                           **
               ATTR=READ,                                             **
               ENTITYX=SEC_ENTITY,                                    **
               CLASS=FACILITY$,                                       **
               MSGSUPP=NO,                                            **
               LOG=ASIS,                                              **
               MF=(E,RACLAB)
*
*
Does the Above RACROUTE REQUEST=AUTH macro verify that the userid has
Read Authority to the Facility ?
Have I coded it properly ?
.
.
Without specifying a Userid, Is the ACEE used to verify the user ?
*
*
Should a Userid be explicitly specified on the command ?
*
*
Thank You
Paul D'Angelo
*

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to