ACRB - Access Control Rule Base

Enhanced Definition

An Access Control Rule Base (ACRB) is a comprehensive set of rules and policies that define and govern access permissions to resources within an IBM z/OS environment. It specifies which users or groups are authorized to perform specific actions (e.g., read, write, execute) on particular system resources, such as datasets, programs, terminals, or CICS transactions. The ACRB is the fundamental mechanism by which a mainframe's External Security Manager (ESM) enforces security.

Key Characteristics

- Granular Control: Provides highly detailed control over access, allowing permissions to be defined at the level of individual datasets, volumes, programs, CICS transactions, DB2 tables, or IMS segments.
- ESM Implementation: Primarily implemented and enforced by External Security Managers (ESMs) like RACF (Resource Access Control Facility), CA ACF2, or CA Top Secret on z/OS.
- Rule Structure: Consists of rules typically defined within resource profiles (e.g., DATASET, GENERAL RESOURCE, TERMINAL profiles) that specify access lists (ACLs) for users and groups.
- Access Types: Defines various access types, including READ, UPDATE, ALTER, CONTROL, EXECUTE, and NONE, depending on the resource type and the ESM in use.
- Centralized Management: Allows security administrators to manage access permissions centrally, ensuring consistent application of security policies across the z/OS system.
- Dynamic Enforcement: Rules are evaluated by the ESM in real-time whenever an access request is made, allowing for immediate enforcement of security policies.