A security check verifies if the user is authorized to specify the user ID (owner) in the rule definition. The class checked is always FACILITY.
RACF Security
The entity checked for this verification is:
$$CTOORD.qname.owner
where owner is the user ID specified as the owner of the Control‑O rule.
TopSecret Security
The entity checked for this verification is:
$$CTOORD.qname.owner
where owner is the user ID specified as the owner of the Control‑O rule.
Use the following command to permit USERA to order Control‑O rules owned by USERB:
TSS PERMIT(USERA) IBMFAC($$CTOORD.qname.USERB) ACC(READ)
ACF2/SAF Security
The entity checked for this verification is:
$$CTOORD.qname.owner
where owner is the user ID specified as the owner of the Control‑O rule.
Use the following command to permit USERA to order Control‑O rules owned by USERB:
SET RESOURCE(CMF)
COMP
$KEY($$CTOORD.qname.owner) TYPE(CMF)
UID(USERA) ALLOW
Parent Topic |