Is there any ACF2 information on setting up BCPii?
search cancel

Is there any ACF2 information on setting up BCPii?

book

Article ID: 11012

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

As long as you start ACF2 using SYS1.PARMLIB member CAISEC00(which is recommended), ACF2 will start before BCPII or any other OMVS address space, there will be no problems.

In ACF2, the "community name" is translated into the APPLDATA in the ACF2 rule.



Is there any ACF2 information on setting up BCPii?

Environment

Release:
Component: ACF2MS

Resolution

As long as you start ACF2 using SYS1.PARMLIB member CAISEC00(which is recommended), ACF2 will start before BCPII or any other OMVS address space, there will be no problems.

Details on ACF2 initialization and CAISEC00 can be found in the CA ACF2 for z/OS Installation Guide, Chapter 3: Installing CA ACF2, section "Step 11: CA ACF2 System Initialization".

If you are new to using BCPii and have not yet set up the "community name", here is the section from the IBM doc and what that means in ACF2:

----------------------------- begin ---------------------------------------

To define the BCPii community name in the security product, use the APPLDATA field with the CPC profile definition to associate a community name with a particular CPC.

The APPLDATA field for the BCPii community name contains a 1 to 16 character alphanumeric field. Because of restrictions with the security products on z/OS, the BCPii SNMP community name must not contain any lowercase characters.

This is an RACF example to assign a BCPii community name of "XYZ123" to an existing CPC definition for CPC name xxx.CPCnnn:

RALTER FACILITY HWI.TARGET.xxx.CPCnnn APPLDATA('XYZ123')
SETROPTS RACLIST(FACILITY) REFRESH

Note: A community name definition must be defined for at least the local CPC otherwise, BCPii cannot continue with initialization of its address space an BCPii services are not available. This is accompanied by message HWI014I.

----------------------------- end ---------------------------------------

The equivalent ACF2 rule for this (assuming the resource class of FACILTIY is mapped to the ACF2 type code of FAC, the default):

$KEY(HWI) TYPE(FAC)
$USERDATA(XYZ123)
TARGET.xxx.CPCnnn UID(*) ALLOW

where "xxx.CPCnnn" is from the (IBM) example. Replace this with the CPC name used at your site.

Also, since the type FAC should be resident, be sure to rebuild: F ACF2,REBUILD(FAC)