Some clarification.
Working with Grouping classes in RACF has the advantage to define entities names in these grouping classes which are comparable to the Resource categories within IDMS internal security.
The path would be in that case
-
The SRTT table contains the following entry
#SECRTT TYPE=ENTRY,RESTYPE=TASK,SECBY=EXTERNAL, *
EXTCLS='$IDMS', *
EXTNAME=(SYSTEM,RESTYPE,RESNAME)
-
The resource type TASK is externally secured, the racf class is $IDMS and external name is SYSTEMnn.TASK.taskname
-
The RACF Class $IDMS have a CDTINFO: GROUP=$GIDMS
-
The RACF class $IDMS has n number profiles which contains the IDMS tasks with extname as attribute.
-
The RACF Group Class $GIDMS have a CDTINFO: MEMBER=$IDMS
-
The RACF Group Class $GIDMS contains n numbers of members (name is) which can be the resource category IDMS name
-
Add The RACF Profiles to the RACF group classes names (add the IDMS tasks to the IDMS resource category with the ADD MEMBER statement.
-
Permits can be given on RACF grouping classes to RACF groups
-
RACF users resides within RACF groups
Some questions.
IS there some experience available in the Group?
Can a task be member of more RACF Group Names?
Performance issues for IDMS resource Program when defined secby external?
Can such a member of a resource category be non-discrete (wildcard on task ex.SYSTEMnn.TASK.ABCD*) ?