Wednesday, March 5, 2008

RACF, XMIT, and RECEIVE Basics

Oy! It's been a while since I've updated this thing. In all fairness though, I've been in class learning the mysteries of PL/X and Basic Assembler Language so I haven't had a lot of free time as of late.

So like everything else on the mainframe, performing simple tasks like sharing, sending, or receiving data sets can become a real pain in the tookus. There are about a million options for each command, most of which you really don't need to worry about. What follows is a quick-and-dirty guide to performing these basic tasks:


1) SETTING PERMISSIONS IN RACF

So here's the scenario. You've got a data set and you want your colleague to be able to view it so you can collaborate. How do you give him/her the ability to access your files?

In order to set a specific level of access to a data set, you need to create either a generic or discrete profile. A generic profile is used to set permissions on several data sets at once. For the purposes of this guide, we will only work with discrete profiles, which sets the permission level on a specific data set.

The first thing you need to do is determine whether or not the data set is already defined to RACF. You do this by issuing the following TSO command:

LISTDSD DA(dataset name) ALL

This will tell you if and in what manner the data set is defined to RACF. If the data set is covered by a generic profile, there will be a (G) next to the data set name. If there is no profile, or the data set is covered by a generic profile, you'll want to create a discrete profile to allow a specific user access to a specific, single data set. In the case where a data set is defined to RACF with both a generic and discrete profile, the discrete profile will take precedence. To create a discrete profile, use the following command:

ADDSD dataset UACC(NONE)

UACC stands for Universal Access Authority. Here are a few of the more useful UACC parameters:

NONE Does not allow users to access the data set.

READ Allows users to access the data set for reading only.

UPDATE Allows users to read from, copy from, or write to the data set.

ALTER Allows users to read, update, delete, rename, move, or scratch the data set.


By setting the default level to NONE, we ensure that nobody but the person(s) we specify have access to the data set. Now that we have the data set defined to RACF, we need to give your colleague access to it. You can do this by issuing the following command:

PERMIT dataset ID(user) ACCESS(level)

Congrats! You've now created a RACF profile to protect your dataset, and have allowed your coworker(s) access to it. I should note that there are lots of other fun things you can do with RACF, and that this is just a few basic commands. If you want to know more, the IBM publication z/OS Security Server RACF General User’s Guide is an excellent resource.


2) TRANSMITTING A DATA SET

This is actually pretty simple. You need to issue the following TSO command:

XMIT (node.user) DATASET(data set)

The node name is going to be specific to your system. Just ask around, one of your coworkers will be able to tell you what it is :-)


3) RECEIVE

When someone sends you a data set, you use the receive command to, well, receive it. This is another one of those commands with a lot of options that 99% of the time you don't need. This is a TSO command, and the following options are the ones that I find the most useful:

RESTORE: SPECIFIES THE TRANSMITTED DATA SHOULD BE RESTORED TO ITS ORIGINAL FORMAT. RESTORE IS THE DEFAULT.

DELETE: SPECIFIES THE FILE BE DELETED WITHOUT RESTORING IT.

DATASET(data set name): SPECIFIES THE NAME OF THE DATA SET TO BE USED TO CONTAIN THE RECEIVED DATA SET. IF THE NAME DOES NOT EXIST ALREADY, THE SYSTEM CREATES IT.


So when someone sends you a data set and you want to receive it, the command looks like this:

RECEIVE RESTORE/DELETE/DATASET(data set name)


That's it for now, hope you found this helpful!

2 comments: