search cancel

ACF2 FSA resource access for zFS

book

Article ID: 243220

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Currently using HFS for user directory and zFS for system directories with auto mount policy: 

filesystem <uc_name>.///.<sysname>.U.<uc_name>

Planning to switch to zFS for user directory in addition to system directories with auto mount policy Type zFS: 

filesystem <uc_name>.///.<sysname>.U.<uc_name> type zFS

For system directories,  following FSA resource rules are in place:

$KEY(SYSC) TYPE(FSA)

ZFS.- UID(stcid) SERVICE(UPDATE) ALLOW

How to avoid or circumvent creating a resource rule for every user under FSA?

 

 

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

FSACCESS is unrelated to any directories, it is only the ZFS dataset name that is validated. 

The BYP-FSA option would disable FSA checking to all ZFS file system and there is no way to bypass FSA checking for user directory /u/ only.

When the file systems were HFS, there was no validation against the file system dataset name. The same emulation can be done with ZFS file systems by writing a generic resource rule as shown below:

$KEY(********) TYPE(FSA)
 - UID(-) ALLOW


Next, rules can be written for specific HLQs that need to be protected for existing ZFS file systems: 

e.g. $KEY(abcdefg) TYPE(FSA)
  -  UID(xxxx) ALLOW