Permissions in Z/OS 2

JCW2
JCW2 used Ask the Experts™
on
This question is a continuation of http://www.experts-exchange.com/OS/MainFrame_OS/Q_26529025.html. How do I use the panels in Z/OS to set a RACF profile, or how do I do it from the command shell?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2014

Commented:
You need to be a bit more specific.  

Exactly what do you want to do?  In the other question you wanted to allow either everybody or a specific person access to a specific file.

Author

Commented:
I need to set permissions for a specific person to access a specific file.
Top Expert 2014

Commented:
If you have a specific password then you can issue the command:

PERMIT 'DATA.SET.NAME' ID(userid) ACCESS(READ)

where DATA.SET.NAME is the full file name, userid is the userid of who you want to give access to and "READ" is what you want to allow them to do.

If you want to give them write  access, then replace READ with WRITE.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2014

Commented:
Ops not WRITE, but UPDATE if you want them to be able to write to the file.

Author

Commented:
I got:

ICH06004I IBM0428.RACF.READ NOT DEFINED TO RACF
Top Expert 2014

Commented:
Is IBM0428.RACF.READ the name of the file you want to  allow somebody else to read?
Top Expert 2014

Commented:
You may want to see how this dataset might be protected.

Try issuing the following command:

     listdsd dataset('IBM0438.*')

and post the response.

Author

Commented:
Response: ICH35003I NO RACF DESCRIPTION FOUND FOR IBM0438.*

Yes, IBM0428.RACF.READ is the dataset I'm working with. the user id being worked with is ZUSERID.
Top Expert 2014

Commented:
O.K, that means there is no RACF profile for IBM0438 yet.

Try:

     ADDDS IBM0428.* UACC(????) GENERIC

Where ????? is what you want the default access to all files that start with the HLQ of IBM0428.  Then try the permit command.

The ADDDS adds a generic data set profile.

Author

Commented:
I don't have "ADDDS;" I recieved

"IKJ56500I COMMAND ADDDS NOT FOUND"
Top Expert 2014

Commented:
Ops, should be ADDSD

Author

Commented:
I used that, and used permit, and the permit command didn't work.

I used: PERMIT 'ibm0428.racf.read' ID(ZUSERID) ACCESS(read).
Top Expert 2014

Commented:
Did you do it AFTER you did the ADDSD?

Author

Commented:
Yes. I just made sure, and tried to get the input in in a correct way.
Top Expert 2014

Commented:
Did the ADDSD command work?

Author

Commented:
Yes.
Top Expert 2014

Commented:
Does the data set ibm0428.racf.read actually exist?
Top Expert 2014
Commented:
O.K. did some testing on my system.

     addsd dataset('ibm0428.racf.read') uacc(none) generic
     permit 'ibm0428.racf.read' ID(ZUSERID) ACCESS(read)

will work.  To get rid of the profile (and thus the permit)

     deldsd dataset('ibm0428.racf.read') generic

General RACF commands can be found here:

http://utkvm1.utk.edu/racf.html

Author

Commented:
Thank you for your help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial