ADDENTRY for IDENTITY/SUBCONFIG

Article Id: 102163
Status: Published
Updated On: 15-10-2020 13:20
Products:
CA VM:Secure for z/VM
Issue/Introduction:



Do you have any additional documentation (maybe presentations, red books, white papers) that will give me a clue as to how to create IDENTITY and SUBCONFIGs from scratch? The Reference manual and the ADDENTRY command is not doing it for me.

Environment:

Release:
Component: VMX

Resolution:

You'll want to use VMSECURE commands ADDENTRY or DELENTRY when adding or deleting a SUBCONFIG entry. 

VMSECURE MANAGE will allow you to modify *existing* SUBCONFIG entries but you have to use the ADDENTRY command to create it. 

Use VMSECURE MANAGE to modify existing SUBCONFIGs. 

You can create a SUBCONFIG entry interactively, through the MANAGE screen for its associated IDENTITY entry. 

Creating and Deleting SUBCONFIG Entries 
Doc’ed at: 

https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/no-security-mgmt/en/administrators/managing-the-product-in-a-single-system-image-complex/creating-and-deleting-subconfig-entries 


Right below (in the doc) are the steps for Creating a SUBCONFIG Entry with the 
ADDENTRY Command. 


Additional notes/input: 

If ADDENTRY does not create a subconfig entry, and only creates a user entry, that’s likely because you did not specify the IN and ON parms. 

As doc’ed for ADDENTRY: 

[IN identity] 
Specifies that a SUBCONFIG entry will be created using either an input file or a skeleton. A BUILD statement for the new SUBCONFIG entry will be added to the named identity directory entry. If IN is specified, then ON must also be specified 

[ON member] 
Specifies that a SUBCONFIG entry will be created using either an input file or a skeleton. A BUILD statement for the new SUBCONFIG will specify the named member of an SSI complex. The member name must be '*' if used in a non-SSI environment. If ON is specified, then IN must also be specified 


As you can see, you need to specify both IN and ON and parms. 


One example: 

VMSECURE ADDENTRY KITTY (IN MAINT ON TESTCP8A 


Another example: 

VMSECURE ADDENTRY TCPIP-2 ( NOSKEL IN TCPIP2 ON * 

Where tcpip-2 is the name of the subconfig 
And tcpip2 is the name of the member 
Note: This is a non SSI environment so ON * 


To create an IDENTITY entry and its subconfigs, first create a user ID and modify it to be an IDENTITY. Then add SUBCONFIG entries for the IDENTITY entry. 

Creating an SSI IDENTITY Directory Entry and SUBCONFIG Entries 
doc’ed at: 

https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/no-security-mgmt/en/directory-managers/managing-directory-entries/creating-directory-entries/create-a-directory-entry 

 

Additional Information:

You can create a new subconfig in a couple of ways.

If you issue VMSECURE MANAGE identityname you will see selection 1 will help you create a new SUBCONFIG for that identity.

If you use something like ADDENTRY, you need to use a skeleton that directs VMSECURe to make a SUBCONFIG.

I have a skeleton called SUBCFG that consists of this:

SUBCONFIG SUBCFG
*ED=
*LL=
*-----End VM:Secure Directory Comments-----*
*------------------------------------------*
*  System Specific Minidisks               *
*------------------------------------------*

Then I can do:

VMSECURE ADDENTRY subconfig-name SUBCFG (IN identity-name ON ssi-member-name

Once created you can MANAGE it or use other commands on it like you normally would.