Browse Prior Art Database

TSO RACF CHKDSN - Checking Authority of a Dataset

IP.com Disclosure Number: IPCOM000120752D
Original Publication Date: 1991-Jun-01
Included in the Prior Art Database: 2005-Apr-02
Document File: 4 page(s) / 123K

Publishing Venue

IBM

Related People

Pham, TA: AUTHOR

Abstract

Disclosed is a TSO command to help programmers checking an authority of a userid or a groupid to a dataset name.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 48% of the total text.

TSO RACF CHKDSN - Checking Authority of a Dataset

      Disclosed is a TSO command to help programmers checking
an authority of a userid or a groupid to a dataset name.

      CHKDSN is a TSO RACF command which will perform third party
RACF authorization checking for a dataset.  This command is used to
check an authority of a userid or a groupid to a dataset name.

      This command applies to MVS systems only.

      To use this CHKDSN command, one must meet all the following
conditions:
      + RACF release 1.8 or 1.8.1.
      + Load module of CHKDSN must be an authorized module
           (APF-authorized, or in system key 0-7, or in
           supervisor state)
      + CHKDSN must be included in the 'SYS1.PARMLIB(IKJTSOxx)'
           library.

      If resource name "$CHKDSN" of RACF class "FACILITY" is active
in the current system, then the user must have RACF "READ" authority
to resource "$CHKDSN" for using TSO CHKDSN command.
      CHKDSN (id,datasetname,access)

      Open and close parentheses are the required characters of the
CHKDSN syntax.  All field values may be in the uppercase/lowercase
characters.

      ID specifies the userid or groupid that RACF uses to perform
third party RACF CHECK.

      The userid or groupid must be a valid id of the system. The
CHKDSN command will check if the userid or groupid is a valid id when
the resource is a protected dataset.  If it is an invalid id, then
the CHKDSN command will stop the execution, and a message RDSN02E
will be displayed.

      In order to indicate the id is a groupid, you must insert an
asterisk (*) at the end of the groupid value, example:  RACFGRP*.
Otherwise, it will be a userid value.

      This is a required field of the CHKDSN command.

      ,DATASETNAME specifies the dataset name that RACF uses to
perform third party RACF CHECK.  The dataset name may be a VSAM,
non-VSAM dataset, or partitioned-dataset.  The CHKDSN command will
not check if the dataset name is a valid dataset.  The dataset name
may be a generic dataset, or full dataset name without quote.  If the
dataset name is not a protected resource, then the CHKDSN command
will check whether or not the userid has an authority access to any
generic of that dataset name (see examples).

      This is a required field of the CHKDSN command.

      ,ACCESS specifies the access authority of the userid which will
be checked to the resource dataset name:
   R - Read, check if the userid can open and read the resource.
   U - Update, check if the userid can open and write/read the
resource.
      C - Control,
           * VSAM dataset; check if the userid has authority
equivalent to the VSAM control password.
   * Non-VSAM dataset; check if the userid has UPDATE authority.
   U - Alter, check if the userid has total control over resource.
      Default:  R
      This is an opt...