Configuration of Security - RACF Class

RACF Class

All components use the Universal Agent RACF class $UNV. The class name can be changed if local requirements require it.

To install the Universal Agent RACF class, perform the following steps:

Step 1

Modify your local RACF class descriptor table by adding the following entry to ICHRRCDE:
 

ICHERCDE CLASS=$UNV,            +
      CASE=ASIS,                +
      FIRST=ANY,                +
      OTHER=ANY,                +
      MAXLNTH=246,              +
      DFTUACC=NONE,             +
      ID=128,                   +
   POSIT=128

Step 2

Modify the ID and POSIT values to meet local requirements.
 
Support for the CASE parameter was added in z/OS 1.2. Case-sensitive profile names are necessary for USS path name support in the standard I/O access profiles. See Universal Command Standard I/O Access Profile for details.
 
Care must be taken when defining case-sensitive profile names so that the profile characters are typed with the desired case. RACF will not automatically upper case the profile names. If the wrong case is used, the desired profile will not be found. If the standard I/O profiles are not necessary or USS path name support is not necessary, the CASE parameter can be removed.
 
Sample assemble and link edit JCL is provided in member UNVRRCDE in the INSTALL library. IBM provides a sample ICHRRCDE table and the JCL to assemble and link edit it in SYS1.PARMLIB(RACTABLE).

Step 3

Modify your local RACF routing table by adding the following entry to ICHRFR01.
 

ICHRFRTB CLASS=$UNV,      +
   ACTION=RACF

 
Sample assemble and link edit JCL is provided in member UNVRFR01 in the INSTALL library.
 
IBM provides a sample ICHRRCDE table and the JCL to assemble and link edit it in SYS1.PARMLIB(RACTABLE).

Step 4

If you changed the default RACF class name $UNV to another name, the UCMD, UCTL, and UEM load modules must be modified to include the same class name.
(If you did not change the default class name, skip this step.)

  1. Member UCMCMVS in the INSTALL library contains an SMP/E USERMOD to apply the modification to the UCMD load module. Change the USERMOD to the new class name and submit the job.
  2. Member UCTCMVS in the INSTALL library contains an SMP/E USERMOD to apply the modification to the UCTL load module. Change the USERMOD to the new class name and submit the job.
  3. Member UEMCMVS in the INSTALL library contains an SMP/E USERMOD to apply the modification to the UEM load module. Change the USERMOD to the new class name and submit the job.
    All steps must end with return code 0.

Step 5

IPL the z/OS system to install the new class descriptor and routing tables.

Step 6

Activate the new class and define it for generic profile checking by entering the following RACF SETROPTS commands:
 

SETROPTS CLASSACT($UNV)
SETROPTS GENERIC($UNV)