Convert UA92778 RACF commands to Top Secret for Pervasive Encryption Setup.
Here are the Top Secret equivalents:
UA92778 ++ HOLD(UA92778) SYS FMID(HDZ2210) REASON(ACTION) DATE(17216) - GO
COMMENT
(****************************************************************
* FUNCTION AFFECTED: DFSMS (OA50569) *
* DFSMSdfp *
****************************************************************
* DESCRIPTION : Installation notes *
* *
****************************************************************
* TIMING : Pre-APPLY *
****************************************************************
SPECIAL CONDITIONS -
The steps below are intended to assure that encrypted data sets
are not created until the installation is ready to encrypt and
decrypt. Until the decryption functions are available on all
sharing systems (including backup systems, and disaster
recovery systems), access to encrypted data can be lost at any
time.
ACTION -
To control the creation of encrypted data sets and prevent
loss of access to data on any system that does not have the
support, the following actions need to be taken before the
software is installed.
- Restrict access to the SAF FACILITY class resource
STGADMIN.SMS.ALLOW.DATASET.ENCRYPT
until all systems in your installation have installed the
PTFs for OA50569 and the minimum hardware. To do this, you
can define the STGADMIN.SMS.ALLOW.DATASET.ENCRYPT profile
in the FACILITY class, and set the universal access to NONE.
For example:
RDEFINE FACILITY STGADMIN.SMS.ALLOW.DATASET.ENCRYPT UACC(NONE)
TSS ADD(owningacid) IBMFAC(STGADMIN)
- If the SAF FIELD class is active, check for any profile
that would allow any user without SPECIAL attribute access
to the DATASET.DFP.DATAKEY. If there are none, no additional
action is needed. If there is any profile that would allow
access to DATASET.DFP.DATAKEY, create a DATASET.DFP.DATAKEY
profile in the FIELD class with a UACC of NONE.
For example:
RDEFINE FIELD DATASET.DFP.DATAKEY UACC(NONE)
TSS ADD(owningacid) FIELD(DATASET)
- Do not create DATASET profiles with the KEYLABEL field in
the DFP segment until all systems in your installation have
met all software and hardware minimum requirements.
Reference the ENH hold instructions.).