ACF2

 View Only

zFS and FSA resource access rule

  • 1.  zFS and FSA resource access rule

    Posted May 31, 2022 05:11 PM
    Edited by Prem Kannan May 31, 2022 05:23 PM
    z/OS 2.4 is the last release of the operating system to support the HFS, customers should migrate from HFS to zFS.

    With that said, we have FSA resource access check enabled [NOBYP-FSA in UNIXOPTS]. If we are to migrate to zFS, we have to setup resource access rule for every user under TYPE(FSA) to their HLQ resource name, because of our auto mount policy.

    USS Auto Mount Policy.
    filesystem <uc_name>.///.<sysname>.U.<uc_name>
    type zFS

    which resolves to userid.ZFS.sysname.U.userid, i.e I have to write following resource access rule for every single user.

    $KEY(userid) TYPE(FSA)
     ZFS.sysname.U.userid UID(userid) SERVICE(READ) ALLOW

    How can I bypass FSA check for owner HLQ? Can I setup SAFDEF that would accomplish this?

    1. I do not want to go all or nothing BYP-FSA / NOBYP-FSA. Because, we want to restrict access to non-owner zFS under FSA class.
    2. Need a solution that does not require us to modify the Auto Mount policy. [I can change the Auto Mount policy with a HLQ allowing access to everyone, but not a desired method, might require more changes than expected, customised scripts, ISPF profile CLISTs etc].

    I already have a CASE raised with CA Support, posted in Community to check if anyone has encountered similar situation.