What ACF2 security setup is needed for IBM’s z/OS Connect Enterprise Edition V3.0?

Article ID: 128597

Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC

Issue/Introduction


 

What ACF2 security setup is needed for IBM’s z/OS Connect Enterprise Edition V3.0?

Environment

Component: ACF2MS

Resolution

ACF2 Sample JCL ACFCONEE for z/OS Connect Enterprise Edition V3.0 is attached.

Please note the following.

  Note: this sample job contains ACF2 UID-based rules. Sites that
     want to use ROLE-based rules should create the X(ROL) records
     and update the RECKEY commands, replacing the UID parameters
     with the appropriate ROLE parameters.

  1. This job contains sample security definitions that
     should be reviewed based on the documentation provided
     in "z/OS Connect Enterprise Edition V3.0 Getting Started
     Guide for CICS, IMS, Db2 and MQ", WP102724.
  2. This job contains statements that MUST be completed
     with installation-specific data,
     e.g. UID(nn), GID(nn)...
  3. This job contains statements that may need to be
     modified for installation-dependent data, e.g.
     if non-default names were chosen.
  4. The statements below are intended for use with
     z/OS Security Server (ACF2).
  5. The APPL and SERVER resource classes default to
     TYPE(SAF):

     Resource class   3 char. type code
     --------------   -----------------
         APPL               SAF
         SERVER             SAF

     We recommend changing the default type code for the APPL
     resource class from SAF to APL, and the default type code for
     the SERVER resource class from SAF to SRV. You may choose a
     different 3-character type code (especially if you are already
     using APL or SRV for other purposes).

     If you already have a CLASMAP for APPL that uses a type code
     other than SAF, eliminate the INSERT and REFRESH, and specify
     your defined type code in the SET RESOURCE(typ) statement, where
     "typ" is your defined type code. Be sure to change the
     SET RESOURCE(typ) to your type codes.

  6. This sample job requires the following fields to be changed
     to installation-specific data:

     On the INSERT ANGELIDP command, change angel_home to the
       Angel USS home directory.
     On the INSERT LIBERTID command, change server_home to the
       Liberty server USS home directory.
     On the INSERT STCID command, change angelProc* to a masked
       string for Angel Process procs.
     On the INSERT STCID command, change serverProc* to a masked
       string for the Liberty Profile server.
     On the INSERT DSN2APPL command, change SSKEY(key-value) to a
       16-character hexadecimal representation of the eight-byte
       encryption key.
       For example: SSKEY(123456789ABCDEF0)
     On the EXPORT commands, change the DSN to a valid DSN for
       your environment.
     On the EXPORT commands, change PASSWORD(SECRET) to a valid
       password for your environment.
     On the RECKEY commands, all UID(UID string for xxxxxxxx)
       parameters should be updated with the appropriate UID
       string for the logonid xxxxxxxx.
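
A pre-submission check for the customised job, added here as an illustration (it is not part of the attached ACFCONEE sample or of any CA/IBM tooling). It scans the job text for the placeholders listed in notes 2 and 6 and validates each SSKEY value; the function name `lint_job`, the sample lines, and the extra check for the article's example key are assumptions of this example.

```python
import re

# Placeholders the notes above say must be replaced before submission.
PLACEHOLDERS = {
    "angel_home": "Angel USS home directory not set",
    "server_home": "Liberty server USS home directory not set",
    "angelProc*": "Angel started-task mask not set",
    "serverProc*": "Liberty server started-task mask not set",
    "PASSWORD(SECRET)": "EXPORT still uses the sample password",
    "UID(UID string for": "RECKEY UID string not filled in",
    "UID(nn)": "numeric UID not filled in",
    "GID(nn)": "numeric GID not filled in",
}
SSKEY_RE = re.compile(r"SSKEY\(([^)]*)\)")
HEX16_RE = re.compile(r"[0-9A-Fa-f]{16}")
DOC_EXAMPLE_KEY = "123456789ABCDEF0"  # example value printed in the article


def lint_job(text):
    """Return (line_number, message) for each leftover placeholder or bad SSKEY."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for token, message in PLACEHOLDERS.items():
            if token in line:
                findings.append((no, message))
        for value in SSKEY_RE.findall(line):
            if not HEX16_RE.fullmatch(value):
                findings.append((no, "SSKEY is not 16 hexadecimal characters"))
            elif value.upper() == DOC_EXAMPLE_KEY:
                findings.append((no, "SSKEY is the documentation example key"))
    return findings


# Constructed sample lines, not the attached job's text; operands other than
# SSKEY, DSN, PASSWORD and UID are assumptions made for this illustration.
SAMPLE_JOB = """\
INSERT ANGELIDP HOME(angel_home)
INSERT LIBERTID HOME(/var/zosconnect/servers)
INSERT DSN2APPL SSKEY(key-value)
INSERT DSN2APPL SSKEY(123456789ABCDEF0)
INSERT DSN2APPL SSKEY(0F1E2D3C4B5A6978)
EXPORT DSN(MY.CERT.DSN) PASSWORD(SECRET)
RECKEY SAMPLE ADD(UID(UID string for LIBERTID) ALLOW)
"""

if __name__ == "__main__":
    for no, message in lint_job(SAMPLE_JOB):
        print(f"line {no}: {message}")
```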

Attachments

1595867248437__1562862364697__ACFCONEE_zOS_Connect_EE_V30update.txt