Security definition for configuration for Liberty JVM servers

book

Article ID: 106284

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Liberty JVM in CICS and for this we need to define the appropriate TSS permits. Could you kindly transform the RACF (attached doc) statements into respective TSS instructions. 

Environment

Release:
Component: TSSMVS

Resolution

Example 7-1   Creating the required SAF STARTED profile
RDEFINE STARTED BBGZANGL.* UACC(NONE) STDATA(USER(WLPUSER)) SETROPTS RACLIST(STARTED) REFRESH

TSS ADD(STC) PROCNAME(BBGZANGL.*) ACID(WLPUSER)

Example 7-2   Setting up and giving access to the server class process BBG.ANGEL
RDEFINE SERVER BBG.ANGEL UACC(NONE) PERMIT BBG.ANGEL CLASS(SERVER) ACCESS(Read) ID(CICSREGN)

TSS ADD(department acid) SERVER(BBG.) 
TSS PERMIT(CICSREGN) SERVER(BBG.ANGEL) ACCESS(READ) 

Example 7-3   Setting up the SAF unauthorized services profile
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED 
CLASS(SERVER) ACCESS(READ) ID(CICSREGN)

TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM) ACCESS(READ)

Example 7-4   Setting up the AUTHMOD.BBGZSAFM profile (same as 7-3?)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM CLASS(SERVER) 
ACCESS(READ) ID(CICSREGN)

TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM) ACCESS(READ)

Example 7-5   Creating the profile for the IFAUSAGE services and giving read access
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.PRODMGR UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM.PRODMGR 
CLASS(SERVER) ACCESS(READ) USER(CICSREGN) 

TSS PERMIT(CICSREGN) SERVER(BBG.AUTHMOD.BBGZSAFM.PRODMGR) ACCESS(READ)

Example 7-6   RACF refresh command for the SERVER resource
SETROPTS RACLIST(SERVER) REFRESH

No CA Top Secret equivalent and not needed

Example 7-9   Setting READ access for WEBUSER
PERMIT SC8CICS CLASS(APPL) ACCESS(READ) ID(WEBUSER)

TSS ADD(dept) APPL(SC8CICS) 
TSS PER(WEBUSER) APPL(SC8CICS) 

Example 7-10   Granting READ access to WSGUEST
PERMIT SC8CICS CLASS(APPL) ACCESS(READ) ID(WSGUEST) SETROPTS RACLIST(APPL) REFRESH

TSS PER(WSGUEST) APPL(SC8CICS)

Example 7-11   Setting up the SC8CICS profile for WZSSAD
RDEFINE SERVER BBG.SECPFX.SC8CICS UACC(NONE) PERMIT BBG.SECPFX.SC8CICS CLASS(SERVER) 
ACCESS(READ) ID(CICSREGN) 
SETROPTS RACLIST(SERVER) REFRESH

TSS PERMIT(CICSREGN) SERVER(BBG.SECPFX.SC8CICS) ACCESS(READ)