Controlling access to the update or read-only functions

The update functions in Table 1 are protected by the profile FILEM.IMS.UPDATE. The read-only functions in this table are protected by the profile FILEM.IMS.RDONLY. As a minimum, you need to define these profiles and grant or deny users access to them.

Enter the following RACF® commands to define these profiles in the FACILITY class:
RDEFINE FACILITY FILEM.IMS.UPDATE UACC(READ or NONE)
RDEFINE FACILITY FILEM.IMS.RDONLY UACC(READ or NONE)
Specify:
  • UACC(READ), if you want users or groups to be granted access to these resources, unless they are specifically denied access.
  • UACC(NONE), if you want users or groups to be denied access to these resources, unless they are specifically granted access.
In the following, assume that:
  • The RDEFINE for the FILEM.IMS.UPDATE profile specifies UACC(NONE), so users and groups are denied access to the update functions unless they are specifically granted access.
  • The RDEFINE for the FILEM.IMS.RDONLY profile specifies UACC(READ), so users and groups are granted access to the read-only functions unless they are specifically denied access.
To grant a user (with user ID userid) or a group (with groupid groupid) access to the update functions, you enter one of the following RACF commands:
PERMIT FILEM.IMS.UPDATE CLASS(FACILITY) ID(userid) ACCESS(READ)
PERMIT FILEM.IMS.UPDATE CLASS(FACILITY) ID(groupid) ACCESS(READ)
To deny a user (with user ID userid) or a group (with groupid groupid) access to the read-only functions, you enter one of the following RACF commands:
PERMIT FILEM.IMS.RDONLY CLASS(FACILITY) ID(userid) ACCESS(NONE)
PERMIT FILEM.IMS.RDONLY CLASS(FACILITY) ID(groupid) ACCESS(NONE)