Security definition for configuration for Liberty JVM servers
Article ID: 106284
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Liberty JVM in CICS and for this we need to define the appropriate TSS permits. Could you kindly transform the RACF (attached doc) statements into respective TSS instructions.
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
Example 7-1 Creating the required SAF STARTED profile
RDEFINE STARTED BBGZANGL.* UACC(NONE) STDATA(USER(WLPUSER)) SETROPTS RACLIST(STARTED) REFRESH
TSS ADD(STC) PROCNAME(BBGZANGL.*) ACID(WLPUSER)
Example 7-2 Setting up and giving access to the server class process BBG.ANGEL
RDEFINE SERVER BBG.ANGEL UACC(NONE) PERMIT BBG.ANGEL CLASS(SERVER) ACCESS(Read) ID(CICSREGN)
TSS ADD(department acid) SERVER(BBG.)
TSS PERMIT(CICSREGN) SERVER(BBG.ANGEL) ACCESS(READ)
Example 7-3 Setting up the SAF unauthorized services profile
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED
CLASS(SERVER) ACCESS(READ) ID(CICSREGN)
TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM) ACCESS(READ)
Example 7-4 Setting up the AUTHMOD.BBGZSAFM profile (same as 7-3?)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM CLASS(SERVER)
ACCESS(READ) ID(CICSREGN)
TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM) ACCESS(READ)
Example 7-5 Creating the profile for the IFAUSAGE services and giving read access
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.PRODMGR UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM.PRODMGR
CLASS(SERVER) ACCESS(READ) USER(CICSREGN)
TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM.PRODMGR) ACCESS(READ)
Example 7-6 RACF refresh command for the SERVER resource
SETROPTS RACLIST(SERVER) REFRESH
No CA Top Secret equivalent and not needed
Example 7-9 Setting READ access for WEBUSER
PERMIT SC8CICS CLASS(APPL) ACCESS(READ) ID(WEBUSER)
TSS ADD(dept) APPL(SC8CICS)
TSS PER(WEBUSER) APPL(SC8CICS)
Example 7-10 Granting READ access to WSGUEST
PERMIT SC8CICS CLASS(APPL) ACCESS(READ) ID(WSGUEST) SETROPTS RACLIST(APPL) REFRESH
TSS PER(WSGUEST) APPL(SC8CICS)
Example 7-11 Setting up the SC8CICS profile for WZSSAD
RDEFINE SERVER BBG.SECPFX.SC8CICS UACC(NONE) PERMIT BBG.SECPFX.SC8CICS CLASS(SERVER)
ACCESS(READ) ID(CICSREGN)
SETROPTS RACLIST(SERVER) REFRESH
TSS PERMIT(CICSREGN) SERVER(BBG.SECPFX.SC8CICS) ACCESS(READ)
RDEFINE STARTED BBGZANGL.* UACC(NONE) STDATA(USER(WLPUSER)) SETROPTS RACLIST(STARTED) REFRESH
TSS ADD(STC) PROCNAME(BBGZANGL.*) ACID(WLPUSER)
Example 7-2 Setting up and giving access to the server class process BBG.ANGEL
RDEFINE SERVER BBG.ANGEL UACC(NONE) PERMIT BBG.ANGEL CLASS(SERVER) ACCESS(Read) ID(CICSREGN)
TSS ADD(department acid) SERVER(BBG.)
TSS PERMIT(CICSREGN) SERVER(BBG.ANGEL) ACCESS(READ)
Example 7-3 Setting up the SAF unauthorized services profile
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED
CLASS(SERVER) ACCESS(READ) ID(CICSREGN)
TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM) ACCESS(READ)
Example 7-4 Setting up the AUTHMOD.BBGZSAFM profile (same as 7-3?)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM CLASS(SERVER)
ACCESS(READ) ID(CICSREGN)
TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM) ACCESS(READ)
Example 7-5 Creating the profile for the IFAUSAGE services and giving read access
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.PRODMGR UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM.PRODMGR
CLASS(SERVER) ACCESS(READ) USER(CICSREGN)
TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM.PRODMGR) ACCESS(READ)
Example 7-6 RACF refresh command for the SERVER resource
SETROPTS RACLIST(SERVER) REFRESH
No CA Top Secret equivalent and not needed
Example 7-9 Setting READ access for WEBUSER
PERMIT SC8CICS CLASS(APPL) ACCESS(READ) ID(WEBUSER)
TSS ADD(dept) APPL(SC8CICS)
TSS PER(WEBUSER) APPL(SC8CICS)
Example 7-10 Granting READ access to WSGUEST
PERMIT SC8CICS CLASS(APPL) ACCESS(READ) ID(WSGUEST) SETROPTS RACLIST(APPL) REFRESH
TSS PER(WSGUEST) APPL(SC8CICS)
Example 7-11 Setting up the SC8CICS profile for WZSSAD
RDEFINE SERVER BBG.SECPFX.SC8CICS UACC(NONE) PERMIT BBG.SECPFX.SC8CICS CLASS(SERVER)
ACCESS(READ) ID(CICSREGN)
SETROPTS RACLIST(SERVER) REFRESH
TSS PERMIT(CICSREGN) SERVER(BBG.SECPFX.SC8CICS) ACCESS(READ)
Feedback
Yes
No
Powered by
