RACF Conversion To CA Top Secret For $OMEGZOS Resource Class

book

Article ID: 132098

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction



Please define a new SAF general resource class "$OMEGZOS" as described by: 
https://www.ibm.com/support/knowledgecenter/SSAUBV/com.ibm.omegamon_share.doc_6.3.0.2/zcommonconfig/complete_security_e3270_safresourceclass_cpcg.htm 

SETROPTS CLASSACT(CDT) RACLIST(CDT) 
RDEFINE CDT $OMEGZOS UACC(NONE) CDTINFO( + 
CASE(UPPER) FIRST(ALPHA,NATIONAL) OTHER(ALPHA,NATIONAL,SPECIAL,NUMERIC) + 
MAXLENGTH(246) MAXLENX(246) KEYQUALIFIERS(0) + 
PROFILESALLOWED(YES) POSIT(nnn) GENERIC(ALLOWED) + 
RACLIST(REQUIRED) ) 
SETROPTS RACLIST(CDT) REFRESH 
SETROPTS RACLIST($OMEGZOS) 
SETROPTD GENERIC($OMEGZOS) 
SETROPTS CLASSACT($OMEGZOS) 

Please define logon profile to the new class as described by: 
https://www.ibm.com/support/knowledgecenter/SSAUBV/com.ibm.omegamon_share.doc_6.3.0.2/zcommonconfig/complete_security_e3270_logonprofiles_cpcg.htm 

RDEFINE $OMEGZOS KOB.LOGON.** UACC(NONE) 
SETROPTS RACLIST($OMEGZOS) REFRESH

Environment

Release:
Component: TSSMVS

Resolution

** Please define a new SAF general resource class "$OMEGZOS" as described by: 

SETROPTS CLASSACT(CDT) RACLIST(CDT) 
RDEFINE CDT $OMEGZOS UACC(NONE) CDTINFO( + 
CASE(UPPER) FIRST(ALPHA,NATIONAL) OTHER(ALPHA,NATIONAL,SPECIAL,NUMERIC) + 
MAXLENGTH(246) MAXLENX(246) KEYQUALIFIERS(0) + 
PROFILESALLOWED(YES) POSIT(nnn) GENERIC(ALLOWED) + 
RACLIST(REQUIRED) ) 
SETROPTS RACLIST(CDT) REFRESH 
SETROPTS RACLIST($OMEGZOS) 
SETROPTD GENERIC($OMEGZOS) 
SETROPTS CLASSACT($OMEGZOS) 

CA Top Secret Equivalent: 
TSS ADD(RDT) RESCLASS($OMEGZOS) RESCODE(nnn) MAXLEN(246) POSIT(yyy) ACLST(ALL,UPDATE=6000,READ=4000,NONE) 

Where 
‘nnn’ is a resource code between x’001’ and x’03F’ or x’101’ through x’13F’ that is not currently being used. If you use x’101’ through x’13F’, the resource will automatically be maskable. 
‘yyy’ is a decimal value between 19 -- 56, and 128 -- 527. 

There aren't any access levels in the RACF definition for this class so there is not ACLST in the TSS ADD(RDT) command above. 

** Please define logon profile to the new class as described by: 

RDEFINE $OMEGZOS KOB.LOGON.** UACC(NONE) 
SETROPTS RACLIST($OMEGZOS) REFRESH 

CA Top Secret Equivalent 
TSS ADD(dept) $OMEGZOS(KOB.LOGON.) 

There is not a RACF PERMIT command to allow the resource, but if needed, to permit this in CA Top Secret: 

TSS PER(acid) $OMEGZOS(KOB.LOGON.) 

Where 
‘acid’ is the user record, an attached profile, or the ALL record if all users should have access.