query reg difference


Postby Viswanathchandru » Fri Oct 29, 2010 6:11 pm

What is the difference between RACLIST and generic, and what is meant by SETROPTS? Since I'm new to this field I'm asking a primary question. Kindly bear with this.

Thanks & Regards,

Re: query reg difference

Postby enrico-sorichetti » Fri Oct 29, 2010 6:22 pm

completely unrelated things
generic is the characteristic of a profile
for example
specific profile MY.ISPF.DATASET
generic profile MY.ISPF.*

RACLISTed is a processing option

setropts is the command used to set the RACF processing options

all You might want to know about RACF is here
http://publibz.boulder.ibm.com/cgi-bin/ ... s/ICHZBK81

not the latest one, but enough to get You started
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort

Re: query reg difference

Postby Viswanathchandru » Sat Oct 30, 2010 11:44 pm

Thanks enrico. Why I asked is: when giving authorization to a certain profile, we will give setropts raclist refresh or setropts generic refresh. So that is why I asked.


Re: query reg difference

Postby Robert Sample » Sun Oct 31, 2010 12:30 am

From the manual on the SETROPTS command (emphasis added by me):

Use the SETROPTS command to set system-wide RACF options related to resource protection dynamically. Specifically, you can use SETROPTS to do the following:

* Gather and display RACF statistics
* Protect terminals
* Log RACF events
* Permit list-of-groups access checking
* Display options currently in effect
* Enable or disable the generic profile checking facility on a class-by-class basis
* Activate checking for previous passwords and password phrases
* Limit unsuccessful attempts to access the system using incorrect passwords and password phrases
* Control change intervals for passwords and password phrases
* Control mixed-case passwords
* Warn of password expiration
* Establish password syntax rules
* Activate auditing for access attempts by class
* Activate auditing for security labels
* Require that all work entering the system, including users logging on and batch jobs, have a security label assigned
* Enable or disable the global access checking facility
* Refresh in-storage profile lists and global access checking tables
* Set the password the operator must supply in order for RACF to complete an RVARY command that changes RACF status or changes the RACF databases
* Enable or disable the sharing, in common storage, of discrete and generic profiles for general resource classes
* Activate or deactivate auditing of access attempts to RACF-protected resources based on installation-defined security levels
* Control the automatic data set protection (ADSP) attribute for users
* Activate profile modeling for GDG, group, and user data sets
* Activate protection for data sets with single-level names
* Control logging of real data set names
* Control the job entry subsystem options
* Activate tape data set protection
* Control whether RACF is to allow users to create or access data sets that do not have RACF protection
* Activate and control the scope of erase-on-scratch processing
* Activate program control, which includes both access control to load modules and program access to data
* Prevent users from accessing uncataloged permanent data sets
* Establish a system-wide VTAM® session interval
* Set an installation-wide default for the RACF security retention period for tape data sets
* Activate enhanced generic naming for data sets and entries in the global access checking table
* Set installation defaults for primary and secondary national languages
* Activate auditing for APPC transactions
* Use the dynamic class descriptor table.

Other than the fact that the SETROPTS command can use both GENERIC and RACLIST, there's not much similarity between the two.
Robert Sample

Re: query reg difference

Postby steve-myers » Sun Oct 31, 2010 1:23 am

Actually, a "generic" data set profile can specify a complete data set name, and it applies to any data set with that name regardless of the volume where the data set resides. A non-generic (discrete) data set profile applies to just the data set. If the dataset is not cataloged, you must specify the data set's volume serial to establish the profile as well as specifying the entire data set name.

The original RACF did not have generic data set profiles; it was its biggest weakness. Other security product vendors, ACF2 in particular, kept harping on this and it eventually forced IBM to add generic data set profiles to RACF.
