Data set profiles for the ISPF client

Provide access to IBM® Engineering Workflow Management (EWM) data sets for users.
READ access for users and ALTER for system programmers is sufficient for most EWM data sets. Ask the system programmer who installed and configured the product for the correct data set names. BLZ is the default high-level qualifier.
Replace the #sysprog placeholder with valid user IDs or RACF group names in the following sample RACF commands:.
  • ADDGROUP (BLZ) OWNER(IBMUSER) SUPGROUP(SYS1)
    DATA('EWM - HLQ STUB')
  • ADDSD ‘BLZ.**' UACC(READ)
    DATA('EWM')
  • PERMIT ‘BLZ.**' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
  • SETROPTS GENERIC(DATASET) REFRESH
Note: The sample commands here assume that enhanced generic naming (EGN) is active. EGN allows the ** qualifier to represent any number of qualifiers in the DATASET class. Substitute ** with * if EGN is not active on your system. Refer to Security Server RACF Security Administrator's Guide, (SA22-7683), for more information on EGN.
Use the following sample RACF commands for a more secure setup where READ access is also controlled.
  • uacc(none) data set protection
    • ADDGROUP (BLZ)
        DATA('EWM - HLQ STUB')
        OWNER(IBMUSER) SUPGROUP(SYS1)
    • ADDSD BLZ.**' UACC(NONE)
        DATA('EWM')
    • ADDSD 'BLZ.SBLZLOAD' UACC(NONE)
        DATA('EWM')
    • ADDSD 'BLZ.SBLZEXEC' UACC(NONE)
        DATA('EWM')
    • ADDSD 'BLZ.SBLZMENU' UACC(NONE)
        DATA('EWM')
    • ADDSD 'BLZ.SBLZMENU' UACC(NONE)
        DATA('EWM')
    • ADDSD 'BLZ.SBLZSAMP' UACC(NONE)
        DATA('EWM')
  • Permit system programmer to manage all libraries
    • 'BLZ.** CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
    • PERMIT 'BLZ.SBLZLOAD' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
    • PERMIT 'BLZ.SBLZEXEC' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
    • PERMIT 'BLZ.SBLZMENU' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
    • PERMIT 'BLZ.SBLZPENU' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
    • PERMIT 'BLZ.SBLZSAMP' CLASS(DATASET) ACCESS(ALTER) ID(#sysprog)
  • Permit clients to access the load and exec libraries
    • PERMIT 'BLZ.SBLZLOAD' CLASS(DATASET) ACCESS(READ) ID(*)
    • PERMIT 'BLZ.SBLZEXEC' CLASS(DATASET) ACCESS(READ) ID(*)
    • PERMIT 'BLZ.SBLZMENU' CLASS(DATASET) ACCESS(READ) ID(*)
    • PERMIT 'BLZ.SBLZPENU' CLASS(DATASET) ACCESS(READ) ID(*)
    • PERMIT 'BLZ.SBLZSAMP' CLASS(DATASET) ACCESS(READ) ID(*)
  • Activate security profiles
    • SETROPTS GENERIC(DATASET) REFRESH
When controlling READ access to system data sets, you must provide EWM users permission to READ the REXX.V1R4M0.SEAGLPA data set.
Note: When you use the Alternate Library for REXX product package, the default REXX runtime library name is REXX.*.SEAGALT instead of REXX.*.SEAGLPA, as used in the previous sample.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki