Improve access control of software configuration and library manager resources
IBM® Enhanced Access Control for Software Configuration and Library Manager (SCLM) for z/OS® provides more levels of access control granularity and protection for SCLM-managed resources than SCLM and IBM Resource Access Control Facility (RACF). You can specify which programs can be used by SCLM-managed data, and restrict user access based on SCLM function or service. This helps prevent RACF data set violations and unexpected changes to SCLM data.
Enhanced Access Control for SCLM for z/OS:
- Improves control over access to SCLM resources by enhancing RACF controls to specify which programs can be used to access SCLM data.
- Prevents unintended changes to SCLM data sets by granting access to SCLM resources only when SCLM is used.
- Provides additional levels of access controls to allow you to further restrict access to SCLM data and monitor RACF data set violations.
Improves control over access to SCLM resources
Prevents unintended changes to SCLM data sets
- After normal RACF security controls are applied, you can use Enhanced Access Control for SCLM for z/OS to grant access to a specific set of applications such as SCLM.
- The applications can define various subfunctions of SCLM. For example, an SCLM Promote may be allowed access, whereas an SCLM Edit may be denied access.
Provides additional levels of access controls
- Enhanced Access Control for SCLM for z/OS allows access to SCLM resources when SCLM programs are used.
- This avoids the potential for unexpected changes to SCLM data sets resulting from updates using non-SCLM programs.
- The SCLM programs are described using applications. The data sets to be controlled and their access rules are described using profiles.
- Enhanced Access Control for SCLM for z/OS works with IBM RACF so you can further restrict access to SCLM data—it can only be accessed using the SCLM family of products.
- It also allows you to restrict access from within the SCLM family based on function so you can decide which users should have access to which SCLM functions.
- When Enhanced Access Control for SCLM is active, it monitors RACF data set violations. If a violation occurs for a data set managed according to the Enhanced Access Control for SCLM for z/OS profiles, the defined access rules are used to assign access privileges. If sufficient access privilege is not defined, an RACF data set violation occurs.
- Like RACF, Enhanced Access Control for SCLM for z/OS has its own rules database that describes the conditions under which access is granted. These are contained in the rule file, a Virtual Storage Access Method (VSAM) key-sequenced data set (KSDS) that is administered through the ISPF dialog.
Enhanced Access Control for SCLM for z/OS resources