Business Continuity Manager controls access regarding the CLI commands, YKAGENTD (Business Continuity Manager agent), and YKBTSCAN (local batch scanning) as a basic access control function. Therefore, to use these commands and functionality, you must set up the RACF. Users can use these functions once profiles have been defined for the RACF FACILITY class, and once READ permissions for these profiles have been set to the users' accounts.
For details about the extended access control function, see the Hitachi Business Continuity Manager User Guide.
The following table lists the correspondence between profiles defined in the FACILITY class and available functions.
Profile defined for the FACILITY class |
Available functions |
---|---|
STGADMIN.YKA.BCM.COMMANDS (Operation profiles) |
YKAGENTD |
YKBLDCMD command |
|
YKBLDPTH command |
|
YKBLDRMT command |
|
YKBTSCAN |
|
YKDELCMD command |
|
YKDELETE command |
|
YKDELPTH command |
|
YKDELRMT command |
|
YKDEXCTG command |
|
YKEWAIT command |
|
YKFCSTAT command |
|
YKFREEZE command |
|
YKH2B command |
|
YKMAKE command |
|
YKQEXCTG command |
|
YKQHPATH command |
|
YKQRYDEV command |
|
YKQRYPTH command |
|
YKQUERY command |
|
YKRECVER command |
|
YKRESYNC command |
|
YKRUN command |
|
YKSCAN command |
|
YKSTATS command |
|
YKSUSPND command |
|
YKWATCH command |
|
STGADMIN.YKA.BCM.YKQUERY (Reference profiles) |
YKAGENTD |
YKBTSCAN |
|
YKDSPRMT command |
|
YKEWAIT command |
|
YKFCSTAT command |
|
YKH2B command |
|
YKQEXCTG command |
|
YKQHPATH command |
|
YKQRYDEV command |
|
YKQRYPTH command |
|
YKQUERY command |
|
YKSCAN command |
|
YKSTATS command |
|
YKWATCH command |
Depending on the parameter specified for the YKFENCE command, you must define the following ANTRQST macro profiles in the FACILITY class.
-
For the YKFENCE command with the SOFTFENCE or SOFTUNFENCE parameter specified
-
STGADMIN.ANT.PPRC.COMMANDS
-
STGADMIN.ANT.PPRC.FENCE
-
-
For the YKFENCE command with the QUERY parameter specified
-
STGADMIN.ANT.PPRC.CQUERY
-
-
YKBLDCMD
-
YKBLDPTH
-
YKDELCMD
-
YKDELETE
-
YKDELPTH
-
YKDEXCTG
-
YKFREEZE
-
YKMAKE
-
YKRECVER
-
YKRESYNC
-
YKRUN
-
YKSUSPND
For details on how to set the READ permissions for the profiles to the user, see Procedure for setting the READ permission for the RACF profile to the user.
The CLI commands in the following table issue other CLI commands internally. As such, to execute one of the CLI commands in this table, you must have permission to reference the profile of the internally issued CLI command as well. The CLI commands for which YKLOAD(GROUP) is listed as an internally issued command in the following table internally issue the YKLOAD command with the GROUP parameter specified. For this reason, if you are using the access protection function for copy groups, you must have permission to reference the profile of the copy group to be loaded. For details about the profiles of copy groups, see Table 1.
CLI command |
Internally issued CLI command |
---|---|
YKBLDRMT | YKLOAD(ROUTE),YKBLDCMD,YKQRYDEV |
YKDEFGRP | YKLOAD(GROUP),YKSTORE |
YKDEFRMT | YKLOAD(ROUTE),YKSTORE |
YKDELCNF | YKLOAD(ROUTE) |
YKDELRMT | YKLOAD(ROUTE),YKDELCMD |
YKDSPGRP | YKLOAD(GROUP) |
YKDSPRMT | YKLOAD(GROUP),YKQRYDEV |