Generic data set profiles

By using generic profiles, you can reduce the number of profiles needed to protect data sets, and also reduce the required size of the RACF database. In addition, generic profiles are not volume-specific (that is, data sets protected by a generic profile can reside on any volume).

Usually, you specify generic data set profile names by specifying a generic character; for example percent (%) or asterisk (*) in the profile name. For data set profiles, RACF distinguishes between asterisk (*) and double asterisk (**) if RACF's enhanced generic naming is in effect. See the z/OS Security Server RACF Command Language Reference for the rules governing generic profile names in the RACF DATASET class.

For example, if you have a group called CICSTS31.CICS, you can define a generic profile named 'CICSTS31.CICS.**', and any user in the access list of this profile can access, at the authorized level, data sets with the high-level qualifier CICSTS31.CICS. For example:
ADDSD 'CICSTS31.CICS.**' UACC(NONE) NOTIFY(admin_userid)
Use the SETROPTS GENERIC command before defining generic profiles, as described in Summary of RACF commands.
Note: Examples in this book show double asterisks (**), which require that enhanced generic naming be in effect. If enhanced generic naming is not in effect, use a single asterisk (*) in place of double asterisks. (You put enhanced generic naming into effect by issuing the RACF SETROPTS EGN command. Note that SETROPTS EGN affects only data set names. Enhanced generic naming is always in effect for general resource profiles, such as TCICSTRN.)