ADDENTRY for IDENTITY/SUBCONFIG
Article ID: 102163
Updated On:
Products
CA VM:Secure for z/VM
Issue/Introduction
Do you have any additional documentation (maybe presentations, red books, white papers) that will give me a clue as to how to create IDENTITY and SUBCONFIGs from scratch? The Reference manual and the ADDENTRY command is not doing it for me.
Environment
Release:
Component: VMX
Component: VMX
Resolution
You'll want to use VMSECURE commands ADDENTRY or DELENTRY when adding or deleting a SUBCONFIG entry.
VMSECURE MANAGE will allow you to modify *existing* SUBCONFIG entries but you have to use the ADDENTRY command to create it.
Use VMSECURE MANAGE to modify existing SUBCONFIGs.
You can create a SUBCONFIG entry interactively, through the MANAGE screen for its associated IDENTITY entry.
Creating and Deleting SUBCONFIG Entries
Doc’ed at:
https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/no-security-mgmt/en/administrators/managing-the-product-in-a-single-system-image-complex/creating-and-deleting-subconfig-entries
Right below (in the doc) are the steps for Creating a SUBCONFIG Entry with the
ADDENTRY Command.
Additional notes/input:
If ADDENTRY does not create a subconfig entry, and only creates a user entry, that’s likely because you did not specify the IN and ON parms.
As doc’ed for ADDENTRY:
[IN identity]
Specifies that a SUBCONFIG entry will be created using either an input file or a skeleton. A BUILD statement for the new SUBCONFIG entry will be added to the named identity directory entry. If IN is specified, then ON must also be specified
[ON member]
Specifies that a SUBCONFIG entry will be created using either an input file or a skeleton. A BUILD statement for the new SUBCONFIG will specify the named member of an SSI complex. The member name must be '*' if used in a non-SSI environment. If ON is specified, then IN must also be specified
As you can see, you need to specify both IN and ON and parms.
One example:
VMSECURE ADDENTRY KITTY (IN MAINT ON TESTCP8A
Another example:
VMSECURE ADDENTRY TCPIP-2 ( NOSKEL IN TCPIP2 ON *
Where tcpip-2 is the name of the subconfig
And tcpip2 is the name of the member
Note: This is a non SSI environment so ON *
To create an IDENTITY entry and its subconfigs, first create a user ID and modify it to be an IDENTITY. Then add SUBCONFIG entries for the IDENTITY entry.
Creating an SSI IDENTITY Directory Entry and SUBCONFIG Entries
doc’ed at:
https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/no-security-mgmt/en/directory-managers/managing-directory-entries/creating-directory-entries/create-a-directory-entry
VMSECURE MANAGE will allow you to modify *existing* SUBCONFIG entries but you have to use the ADDENTRY command to create it.
Use VMSECURE MANAGE to modify existing SUBCONFIGs.
You can create a SUBCONFIG entry interactively, through the MANAGE screen for its associated IDENTITY entry.
Creating and Deleting SUBCONFIG Entries
Doc’ed at:
https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/no-security-mgmt/en/administrators/managing-the-product-in-a-single-system-image-complex/creating-and-deleting-subconfig-entries
Right below (in the doc) are the steps for Creating a SUBCONFIG Entry with the
ADDENTRY Command.
Additional notes/input:
If ADDENTRY does not create a subconfig entry, and only creates a user entry, that’s likely because you did not specify the IN and ON parms.
As doc’ed for ADDENTRY:
[IN identity]
Specifies that a SUBCONFIG entry will be created using either an input file or a skeleton. A BUILD statement for the new SUBCONFIG entry will be added to the named identity directory entry. If IN is specified, then ON must also be specified
[ON member]
Specifies that a SUBCONFIG entry will be created using either an input file or a skeleton. A BUILD statement for the new SUBCONFIG will specify the named member of an SSI complex. The member name must be '*' if used in a non-SSI environment. If ON is specified, then IN must also be specified
As you can see, you need to specify both IN and ON and parms.
One example:
VMSECURE ADDENTRY KITTY (IN MAINT ON TESTCP8A
Another example:
VMSECURE ADDENTRY TCPIP-2 ( NOSKEL IN TCPIP2 ON *
Where tcpip-2 is the name of the subconfig
And tcpip2 is the name of the member
Note: This is a non SSI environment so ON *
To create an IDENTITY entry and its subconfigs, first create a user ID and modify it to be an IDENTITY. Then add SUBCONFIG entries for the IDENTITY entry.
Creating an SSI IDENTITY Directory Entry and SUBCONFIG Entries
doc’ed at:
https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/no-security-mgmt/en/directory-managers/managing-directory-entries/creating-directory-entries/create-a-directory-entry
Additional Information
You can create a new subconfig in a couple of ways.
If you issue VMSECURE MANAGE identityname you will see selection 1 will help you create a new SUBCONFIG for that identity.
If you use something like ADDENTRY, you need to use a skeleton that directs VMSECURe to make a SUBCONFIG.
I have a skeleton called SUBCFG that consists of this:
SUBCONFIG SUBCFG
*ED=
*LL=
*-----End VM:Secure Directory Comments-----*
*-----------------------------
* System Specific Minidisks *
*-----------------------------
Then I can do:
VMSECURE ADDENTRY subconfig-name SUBCFG (IN identity-name ON ssi-member-name
Once created you can MANAGE it or use other commands on it like you normally would.
Feedback
Powered by
