What ACF2 security setup is needed for IBM’s z/OS Connect Enterprise Edition V3.0?
Article ID: 128597
Products
ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC
Issue/Introduction
What ACF2 security setup is needed for IBM’s z/OS Connect Enterprise Edition V3.0?
Environment
Release: Component: ACF2MS
Resolution
ACF2 Sample JCL ACFCONEE for z/OS Connect Enterprise Edition V3.0 is attached.
Please note the following.
Note that this sample job contains ACF2 UID-based rules. Sites that want to use ROLE-based rules should create the X(ROL) records and update the RECKEY commands, replacing the UID parameters with the appropriate ROLE parameters.
1. This job contains sample security definitions that should be reviewed based on the documentation provided in "z/OS Connect Enterprise Edition V3.0 Getting Started Guide for CICS, IMS, Db2 and MQ", WP102724.
2. This job contains statements that MUST be completed with installation-specific data, e.g. UID(nn), GID(nn)...
3. This job contains statements that may need to be modified for installation-dependent data, e.g. if non-default names were chosen.
4. The statements below are intended for use with z/OS Security Server (ACF2).
5. The APPL and SERVER resource classes default to TYPE(SAF):

   Resource class    3 char. type code
   --------------    -----------------
   APPL              SAF
   SERVER            SAF
We recommend changing the default type code for the APPL resource class from SAF to APL, and the default type code for the SERVER resource class from SAF to SRV. You may choose a different 3 character type code (especially if you are already using APL or SRV for other purposes).
If you already have a CLASMAP for APPL to use a type code other than SAF, eliminate the INSERT and REFRESH, and specify your defined type code in the SET RESOURCE(typ) statement where "typ" is your defined type code. Be sure to change the SET RESOURCE(typ) to your type codes.
6. This sample job requires the following fields to be changed to installation-specific data:
   - On the INSERT ANGELIDP command change angel_home to the Angel USS home directory.
   - On the INSERT LIBERTID command change server_home to the Liberty server USS home directory.
   - On the INSERT STCID command change angelProc* to a masked string for Angel Process procs.
   - On the INSERT STCID command change serverProc* to a masked string for the Liberty Profile server.
   - On the INSERT DSN2APPL command change SSKEY(key-value) to a 16-character hexadecimal representation of the eight byte encryption key. For example: SSKEY(123456789ABCDEF0)
   - On the EXPORT commands change the DSN to a valid DSN for your environment.
   - On the EXPORT commands change PASSWORD(SECRET) to a valid password for your environment.
   - On the RECKEY commands all UID(UID string for xxxxxxxx) parameters should be updated with the appropriate UID for the logonid xxxxxxxx.
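A pre-submission check for the placeholders listed in items 2 and 6, as an added example that is not part of the article or of the ACFCONEE job. The function name, messages and sample lines are assumptions constructed here; only the placeholder strings come from the text above.

```python
import re

# Placeholder text the article says must be replaced before the job is run.
PLACEHOLDERS = {
    "angel_home": "Angel USS home directory not set",
    "server_home": "Liberty server USS home directory not set",
    "angelProc*": "STCID mask for the Angel procs not set",
    "serverProc*": "STCID mask for the Liberty server not set",
    "PASSWORD(SECRET)": "EXPORT still uses the sample password",
    "UID string for": "RECKEY UID placeholder not replaced",
}
NN_RE = re.compile(r"\b[UG]ID\(nn\)", re.IGNORECASE)
SSKEY_RE = re.compile(r"SSKEY\(([^)]*)\)", re.IGNORECASE)
HEX16_RE = re.compile(r"[0-9A-Fa-f]{16}")
ARTICLE_EXAMPLE_KEY = "123456789ABCDEF0"  # published example, never a real key

# Constructed sample, NOT the contents of ACFCONEE. Operands the article
# does not show are elided with "..."; the valid SSKEY value is made up.
SAMPLE_JOB = """\
//* SSKEY(key-value) in a JCL comment card is ignored
INSERT ANGELIDP ... angel_home
INSERT LIBERTID ... UID(nn)
INSERT DSN2APPL SSKEY(key-value)
INSERT DSN2APPL SSKEY(0F1E2D3C4B5A6978)
EXPORT ... PASSWORD(SECRET)
RECKEY ... UID(UID string for LIBERTID)
"""


def lint_job(text):
    """Return (line_number, message) for each statement left unfinished."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        if line.startswith("//*"):  # JCL comment card
            continue
        lowered = line.lower()
        for token, message in PLACEHOLDERS.items():
            if token.lower() in lowered:
                findings.append((num, message))
        if NN_RE.search(line):
            findings.append((num, "UID(nn)/GID(nn) placeholder not replaced"))
        for key in SSKEY_RE.findall(line):
            if not HEX16_RE.fullmatch(key):
                findings.append((num, "SSKEY is not 16 hexadecimal characters"))
            elif key.upper() == ARTICLE_EXAMPLE_KEY:
                findings.append((num, "SSKEY is the article's example value"))
    return findings


if __name__ == "__main__":
    for num, message in lint_job(SAMPLE_JOB):
        print(f"line {num}: {message}")
```

Run it against the edited job text before submission; an empty result means none of the listed placeholders remain, not that the chosen values are correct for your site.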