Release : 16.0
Component : CA Top Secret for z/OS
//IZUSPSEC JOB MSGCLASS=C,MSGLEVEL=(1,1),USER=XXXXXXX,NOTIFY=XXXXXXX
//STEP1 EXEC PGM=IKJEFT01,DYNAMNBR=99
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
/* */
/* Begin "Sysplex Management" Setup. */
/* All security definitions in this sample are required for */
/* Sysplex Management task */
/* Define profile and permit definition for IZUUSER */
/* and IZUADMIN group who can access Sysplex Management task */
/* and view Sysplex resources. */
RDEFINE ZMFAPLA IZUDFLT.ZOSMF.SYSPLEX UACC(NONE)
PERMIT IZUDFLT.ZOSMF.SYSPLEX +
CLASS(ZMFAPLA) ID(IZUUSER) ACCESS(READ)
PERMIT IZUDFLT.ZOSMF.SYSPLEX +
CLASS(ZMFAPLA) ID(IZUADMIN) ACCESS(READ)
TSS ADD(owningacid) ZMFAPLA(IZUDFLT)
TSS PER(IZUADMIN) ZMFAPLA(IZUDFLT.ZOSMF.SYSPLEX) AXCC(READ)
/* Define profile and Permit definition for IZUADMIN group */
/* who can modify Sysplex resources */
RDEFINE ZMFAPLA IZUDFLT.ZOSMF.SYSPLEX.MODIFY UACC(NONE)
PERMIT IZUDFLT.ZOSMF.SYSPLEX.MODIFY +
CLASS(ZMFAPLA) ID(IZUADMIN) ACCESS(READ)
TSS PER(IZUADMIN) ZMFAPLA(IZUDFLT.ZOSMF.SYSPLEX.MODIFY) AXCC(READ)
/* Define profile and Permit definition for who can cleanup */
/* command log table and set cleanup settings. Replace the */
/* <userid> with the userid who wants to do these actions */
/* RDEFINE ZMFAPLA IZUDFLT.ZOSMF.SYSPLEX.LOG UACC(NONE) */
/* PERMIT IZUDFLT.ZOSMF.SYSPLEX.LOG CLASS(ZMFAPLA) + */
/* ID(<userid>) ACCESS(READ)
TSS PER(userid) ZMFAPLA(IZUDFLT.ZOSMF.SYSPLEX.LOG) ACC(READ)
*/
/* Need to REFRESH these classes for Roles */
SETROPTS RACLIST(ZMFAPLA) REFRESH
/* Begin required CEA resources Setup */
/* Define profile and Permit definition for IZUUSER and IZUADMIN */
/* to access CEA resources which Sysplex Management task */
/* depends on. */
RDEFINE SERVAUTH CEA.XCF.CF UACC(NONE)
PERMIT CEA.XCF.CF CLASS(SERVAUTH) ID(IZUUSER) ACCESS(READ)
PERMIT CEA.XCF.CF CLASS(SERVAUTH) ID(IZUADMIN) ACCESS(READ)
RDEFINE SERVAUTH CEA.XCF.CDS UACC(NONE)
PERMIT CEA.XCF.CDS CLASS(SERVAUTH) ID(IZUUSER) ACCESS(READ)
PERMIT CEA.XCF.CDS CLASS(SERVAUTH) ID(IZUADMIN) ACCESS(READ)
RDEFINE SERVAUTH CEA.XCF.SYSPLEX UACC(NONE)
PERMIT CEA.XCF.SYSPLEX CLASS(SERVAUTH) ID(IZUUSER) ACCESS(READ)
PERMIT CEA.XCF.SYSPLEX CLASS(SERVAUTH) ID(IZUADMIN) ACCESS(READ)
RDEFINE SERVAUTH CEA.XCF.STRUCTURE UACC(NONE)
PERMIT CEA.XCF.STRUCTURE CLASS(SERVAUTH) ID(IZUUSER) ACCESS(READ)
PERMIT CEA.XCF.STRUCTURE CLASS(SERVAUTH) ID(IZUADMIN) ACCESS(READ)
TSS ADD(owningacid) SERVAUTH(CEA.)
TSS PER(IZUUSER) SERVAUTH(CEA.XCF.CF) ACC(READ)
TSS PER(IZUUSER) SERVAUTH(CEA.XCF.CDS) ACC(READ)
TSS PER(IZUUSER) SERVAUTH(CEA.XCF.SYSPLEX) ACC(READ)
TSS PER(IZUUSER) SERVAUTH(CEA.XCF.STRUCTURE) ACC(READ)
TSS PER(IZUADMIN) SERVAUTH(CEA.XCF.CF) ACC(READ)
TSS PER(IZUADMIN) SERVAUTH(CEA.XCF.CDS) ACC(READ)
TSS PER(IZUADMIN) SERVAUTH(CEA.XCF.SYSPLEX) ACC(READ)
TSS PER(IZUADMIN) SERVAUTH(CEA.XCF.STRUCTURE) ACC(READ)
/* Replace the <system-name> with the system name of all the */
/* systems which you want to manage by z/OSMF Sysplex Management */
/* task in your Sysplex. */
/* RDEFINE SERVAUTH CEA.XCF.FLOW.<system-name> UACC(NONE) */
/* PERMIT CEA.XCF.FLOW.<system-name> CLASS(SERVAUTH) + */
/* ID(IZUUSER) ACCESS(READ) */
/* PERMIT CEA.XCF.FLOW.<system-name> CLASS(SERVAUTH) + */
/* ID(IZUADMIN) ACCESS(READ)
TSS PER(IZUUSER) SERVAUTH(CEA.XCF.FLOW) ACC(READ)
TSS PER(IZUADMIN) SERVAUTH(CEA.XCF.FLOW) ACC(READ)
*/
SETROPTS RACLIST(SERVAUTH) REFRESH
/* End required CEA resources Setup */
/* Begin required console rest service setup */
/* To use the Sysplex Management task whole function, the user */
/* needs to set up console rest service security authorization */
/* first, so please refer to izugcsec.samp and submit it after */
/* setting the variables. */
/* In izugcsec.samp, the console name is independent for each */
/* user, each user needs to specify their own console name and */
/* Sysplex Management task requires the console name as below */
/* rule: specify <consolename> to "<username>sp": */
/* NOTE:<username> is the z/OSMF user name. If z/OSMF user name */
/* length is greater than six characters, it will use last */
/* six characters of z/OSMF user name. */
/* e.g., username=IBMUSER; consolename = BMUSERSP */
/* End required console rest service setup */
/* */
/* End "SYSPLEX Management" Setup */
/* */
/*