Extended Definition Mode

A security check verifies if the user is authorized to specify the user ID (owner) in the rule definition. The class checked is always FACILITY.

RACF Security

The entity checked for this verification is:

$$CTOORD.qname.owner

where owner is the user ID specified as the owner of the Control‑O rule.

TopSecret Security

The entity checked for this verification is:

$$CTOORD.qname.owner

where owner is the user ID specified as the owner of the Control‑O rule.

Use the following command to permit USERA to order Control‑O rules owned by USERB:

TSS PERMIT(USERA) IBMFAC($$CTOORD.qname.USERB) ACC(READ)

ACF2/SAF Security

The entity checked for this verification is:

$$CTOORD.qname.owner

where owner is the user ID specified as the owner of the Control‑O rule.

Use the following command to permit USERA to order Control‑O rules owned by USERB:

SET RESOURCE(CMF)
COMP
$KEY($$CTOORD.qname.owner) TYPE(CMF)
UID(USERA) ALLOW