RACF Conversion To CA Top Secret For $OMEGZOS Resource Class
Article ID: 132098
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Please define a new SAF general resource class "$OMEGZOS" as described by:
https://www.ibm.com/support/knowledgecenter/SSAUBV/com.ibm.omegamon_share.doc_6.3.0.2/zcommonconfig/complete_security_e3270_safresourceclass_cpcg.htm
SETROPTS CLASSACT(CDT) RACLIST(CDT)
RDEFINE CDT $OMEGZOS UACC(NONE) CDTINFO( +
CASE(UPPER) FIRST(ALPHA,NATIONAL) OTHER(ALPHA,NATIONAL,SPECIAL,NUMERIC) +
MAXLENGTH(246) MAXLENX(246) KEYQUALIFIERS(0) +
PROFILESALLOWED(YES) POSIT(nnn) GENERIC(ALLOWED) +
RACLIST(REQUIRED) )
SETROPTS RACLIST(CDT) REFRESH
SETROPTS RACLIST($OMEGZOS)
SETROPTD GENERIC($OMEGZOS)
SETROPTS CLASSACT($OMEGZOS)
Please define logon profile to the new class as described by:
https://www.ibm.com/support/knowledgecenter/SSAUBV/com.ibm.omegamon_share.doc_6.3.0.2/zcommonconfig/complete_security_e3270_logonprofiles_cpcg.htm
RDEFINE $OMEGZOS KOB.LOGON.** UACC(NONE)
SETROPTS RACLIST($OMEGZOS) REFRESH
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
** Please define a new SAF general resource class "$OMEGZOS" as described by:
SETROPTS CLASSACT(CDT) RACLIST(CDT)
RDEFINE CDT $OMEGZOS UACC(NONE) CDTINFO( +
CASE(UPPER) FIRST(ALPHA,NATIONAL) OTHER(ALPHA,NATIONAL,SPECIAL,NUMERIC) +
MAXLENGTH(246) MAXLENX(246) KEYQUALIFIERS(0) +
PROFILESALLOWED(YES) POSIT(nnn) GENERIC(ALLOWED) +
RACLIST(REQUIRED) )
SETROPTS RACLIST(CDT) REFRESH
SETROPTS RACLIST($OMEGZOS)
SETROPTD GENERIC($OMEGZOS)
SETROPTS CLASSACT($OMEGZOS)
CA Top Secret Equivalent:
TSS ADD(RDT) RESCLASS($OMEGZOS) RESCODE(nnn) MAXLEN(246) POSIT(yyy) ACLST(ALL,UPDATE=6000,READ=4000,NONE)
Where
‘nnn’ is a resource code between x’001’ and x’03F’ or x’101’ through x’13F’ that is not currently being used. If you use x’101’ through x’13F’, the resource will automatically be maskable.
‘yyy’ is a decimal value between 19 -- 56, and 128 -- 527.
There aren't any access levels in the RACF definition for this class so there is not ACLST in the TSS ADD(RDT) command above.
** Please define logon profile to the new class as described by:
RDEFINE $OMEGZOS KOB.LOGON.** UACC(NONE)
SETROPTS RACLIST($OMEGZOS) REFRESH
CA Top Secret Equivalent
TSS ADD(dept) $OMEGZOS(KOB.LOGON.)
There is not a RACF PERMIT command to allow the resource, but if needed, to permit this in CA Top Secret:
TSS PER(acid) $OMEGZOS(KOB.LOGON.)
Where
‘acid’ is the user record, an attached profile, or the ALL record if all users should have access.
SETROPTS CLASSACT(CDT) RACLIST(CDT)
RDEFINE CDT $OMEGZOS UACC(NONE) CDTINFO( +
CASE(UPPER) FIRST(ALPHA,NATIONAL) OTHER(ALPHA,NATIONAL,SPECIAL,NUMERIC) +
MAXLENGTH(246) MAXLENX(246) KEYQUALIFIERS(0) +
PROFILESALLOWED(YES) POSIT(nnn) GENERIC(ALLOWED) +
RACLIST(REQUIRED) )
SETROPTS RACLIST(CDT) REFRESH
SETROPTS RACLIST($OMEGZOS)
SETROPTD GENERIC($OMEGZOS)
SETROPTS CLASSACT($OMEGZOS)
CA Top Secret Equivalent:
TSS ADD(RDT) RESCLASS($OMEGZOS) RESCODE(nnn) MAXLEN(246) POSIT(yyy) ACLST(ALL,UPDATE=6000,READ=4000,NONE)
Where
‘nnn’ is a resource code between x’001’ and x’03F’ or x’101’ through x’13F’ that is not currently being used. If you use x’101’ through x’13F’, the resource will automatically be maskable.
‘yyy’ is a decimal value between 19 -- 56, and 128 -- 527.
There aren't any access levels in the RACF definition for this class so there is not ACLST in the TSS ADD(RDT) command above.
** Please define logon profile to the new class as described by:
RDEFINE $OMEGZOS KOB.LOGON.** UACC(NONE)
SETROPTS RACLIST($OMEGZOS) REFRESH
CA Top Secret Equivalent
TSS ADD(dept) $OMEGZOS(KOB.LOGON.)
There is not a RACF PERMIT command to allow the resource, but if needed, to permit this in CA Top Secret:
TSS PER(acid) $OMEGZOS(KOB.LOGON.)
Where
‘acid’ is the user record, an attached profile, or the ALL record if all users should have access.
Feedback
Yes
No
Powered by
